Windows Analysis Report
19MgUpI9tj.dll

Overview

General Information

Sample name: 19MgUpI9tj.dll (renamed because original name is a hash value)
Original sample name: 3dd20421f9a536cfdd3a8b5cf7e5d5fc.dll
Analysis ID: 1591360
MD5: 3dd20421f9a536cfdd3a8b5cf7e5d5fc
SHA1: 9ad38539be5836e2ec27621c32a66670293d52ff
SHA256: eb0482a9de2f68aa565c0b30d51b75189f8d2fa881b0b5be47383825b6e8269f
Tags: dll, exe, WannaCry, user-mentality

Detection

Wannacry
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected Wannacry ransomware
AI detected suspicious sample
Connects to many different private IPs (likely to spread or exploit)
Connects to many different private IPs via SMB (likely to spread or exploit)
Drops executables to the windows directory (C:\Windows) and starts them
Machine Learning detection for sample
AV process strings found (often used to terminate AV products)
Checks if the current process is being debugged
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Drops PE files
Drops PE files to the windows directory (C:\Windows)
HTTP GET or POST without a user agent
May sleep (evasive loops) to hinder dynamic analysis
One or more processes crash
PE file does not import any functions
Queries disk information (often used to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Yara signature match

Classification

  • System is w10x64
  • loaddll32.exe (PID: 3708 cmdline: loaddll32.exe "C:\Users\user\Desktop\19MgUpI9tj.dll" MD5: 51E6071F9CBA48E79F10C84515AAE618)
    • conhost.exe (PID: 4864 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • cmd.exe (PID: 3280 cmdline: cmd.exe /C rundll32.exe "C:\Users\user\Desktop\19MgUpI9tj.dll",#1 MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • rundll32.exe (PID: 5340 cmdline: rundll32.exe "C:\Users\user\Desktop\19MgUpI9tj.dll",#1 MD5: 889B99C52A60DD49227C5E485A016679)
        • mssecsvr.exe (PID: 6900 cmdline: C:\WINDOWS\mssecsvr.exe MD5: 0F00DC99F94FDCA3721D0692B2ACACCD)
          • tasksche.exe (PID: 64 cmdline: C:\WINDOWS\tasksche.exe /i MD5: E2105F086EAB75BD8CDD2B6975E9CE80)
            • WerFault.exe (PID: 5276 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 64 -s 224 MD5: C31336C1EFC2CCB44B4326EA793040F2)
            • WerFault.exe (PID: 2216 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 64 -s 228 MD5: C31336C1EFC2CCB44B4326EA793040F2)
    • rundll32.exe (PID: 6116 cmdline: rundll32.exe C:\Users\user\Desktop\19MgUpI9tj.dll,PlayGame MD5: 889B99C52A60DD49227C5E485A016679)
    • rundll32.exe (PID: 424 cmdline: rundll32.exe "C:\Users\user\Desktop\19MgUpI9tj.dll",PlayGame MD5: 889B99C52A60DD49227C5E485A016679)
      • mssecsvr.exe (PID: 2580 cmdline: C:\WINDOWS\mssecsvr.exe MD5: 0F00DC99F94FDCA3721D0692B2ACACCD)
        • tasksche.exe (PID: 1112 cmdline: C:\WINDOWS\tasksche.exe /i MD5: E2105F086EAB75BD8CDD2B6975E9CE80)
          • WerFault.exe (PID: 5032 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 1112 -s 196 MD5: C31336C1EFC2CCB44B4326EA793040F2)
          • WerFault.exe (PID: 6316 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 1112 -s 200 MD5: C31336C1EFC2CCB44B4326EA793040F2)
  • mssecsvr.exe (PID: 3656 cmdline: C:\WINDOWS\mssecsvr.exe -m security MD5: 0F00DC99F94FDCA3721D0692B2ACACCD)
  • svchost.exe (PID: 6896 cmdline: C:\Windows\System32\svchost.exe -k WerSvcGroup MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
    • WerFault.exe (PID: 3536 cmdline: C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 64 -ip 64 MD5: C31336C1EFC2CCB44B4326EA793040F2)
    • WerFault.exe (PID: 6288 cmdline: C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 1112 -ip 1112 MD5: C31336C1EFC2CCB44B4326EA793040F2)
    • WerFault.exe (PID: 4508 cmdline: C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 64 -ip 64 MD5: C31336C1EFC2CCB44B4326EA793040F2)
    • WerFault.exe (PID: 4048 cmdline: C:\Windows\SysWOW64\WerFault.exe -pss -s 476 -p 1112 -ip 1112 MD5: C31336C1EFC2CCB44B4326EA793040F2)
  • svchost.exe (PID: 3960 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
    19MgUpI9tj.dll | JoeSecurity_Wannacry | Yara detected Wannacry ransomware | Joe Security
    19MgUpI9tj.dll | WannaCry_Ransomware | Detects WannaCry Ransomware | Florian Roth (with the help of binar.ly)
    • 0x353d0:$x3: tasksche.exe
    • 0x353a8:$x8: C:\%s\qeriuwjhrf
    • 0x3014:$s1: C:\%s\%s
    • 0x12098:$s1: C:\%s\%s
    • 0x1b39c:$s1: C:\%s\%s
    • 0x353bc:$s1: C:\%s\%s
    • 0x326f0:$s5: \\192.168.56.20\IPC$
    • 0x1fae5:$s6: \\172.16.99.5\IPC$
    • 0xd195:$op1: 10 AC 72 0D 3D FF FF 1F AC 77 06 B8 01 00 00 00
    • 0x78da:$op2: 44 24 64 8A C6 44 24 65 0E C6 44 24 66 80 C6 44
    • 0x5449:$op3: 18 DF 6C 24 14 DC 64 24 2C DC 6C 24 5C DC 15 88
    Source | Rule | Description | Author | Strings
    00000009.00000002.2320921135.000000000040F000.00000008.00000001.01000000.00000004.sdmp | JoeSecurity_Wannacry | Yara detected Wannacry ransomware | Joe Security
    00000007.00000000.2298949113.000000000040F000.00000008.00000001.01000000.00000004.sdmp | JoeSecurity_Wannacry | Yara detected Wannacry ransomware | Joe Security
    00000007.00000002.2952105140.000000000042E000.00000004.00000001.01000000.00000004.sdmp | JoeSecurity_Wannacry | Yara detected Wannacry ransomware | Joe Security
    00000007.00000002.2953238481.0000000002282000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_Wannacry | Yara detected Wannacry ransomware | Joe Security
    00000007.00000002.2953037861.0000000001D62000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_Wannacry | Yara detected Wannacry ransomware | Joe Security
                Source | Rule | Description | Author | Strings
                7.2.mssecsvr.exe.2282948.8.raw.unpack | JoeSecurity_Wannacry | Yara detected Wannacry ransomware | Joe Security
                7.2.mssecsvr.exe.22738c8.6.raw.unpack | WannaCry_Ransomware | Detects WannaCry Ransomware | Florian Roth (with the help of binar.ly)
                • 0x9131:$op1: 10 AC 72 0D 3D FF FF 1F AC 77 06 B8 01 00 00 00
                • 0x3876:$op2: 44 24 64 8A C6 44 24 65 0E C6 44 24 66 80 C6 44
                • 0x13e5:$op3: 18 DF 6C 24 14 DC 64 24 2C DC 6C 24 5C DC 15 88
                7.2.mssecsvr.exe.2282948.8.raw.unpack | WannaCry_Ransomware | Detects WannaCry Ransomware | Florian Roth (with the help of binar.ly)
                • 0x222ec:$x3: tasksche.exe
                • 0x222c4:$x8: C:\%s\qeriuwjhrf
                • 0x82b8:$s1: C:\%s\%s
                • 0x222d8:$s1: C:\%s\%s
                • 0x1f60c:$s5: \\192.168.56.20\IPC$
                • 0xca01:$s6: \\172.16.99.5\IPC$
                7.2.mssecsvr.exe.2282948.8.raw.unpack | WannaCry_Ransomware_Gen | Detects WannaCry Ransomware | Florian Roth (based on rule by US CERT)
                7.2.mssecsvr.exe.1d53084.2.raw.unpack | WannaCry_Ransomware | Detects WannaCry Ransomware | Florian Roth (with the help of binar.ly)
                • 0x9131:$op1: 10 AC 72 0D 3D FF FF 1F AC 77 06 B8 01 00 00 00
                • 0x3876:$op2: 44 24 64 8A C6 44 24 65 0E C6 44 24 66 80 C6 44
                • 0x13e5:$op3: 18 DF 6C 24 14 DC 64 24 2C DC 6C 24 5C DC 15 88

                System Summary

                Source: Process started, Author: vburov, Data: Command: C:\Windows\System32\svchost.exe -k WerSvcGroup, CommandLine: C:\Windows\System32\svchost.exe -k WerSvcGroup, CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 632, ProcessCommandLine: C:\Windows\System32\svchost.exe -k WerSvcGroup, ProcessId: 6896, ProcessName: svchost.exe

                Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
                2025-01-14T22:42:15.168227+0100 | 2803304 | 3 | Unknown Traffic | 192.168.2.6 | 50671 | 103.224.212.215 | 80 | TCP
                2025-01-14T22:42:23.865047+0100 | 2803304 | 3 | Unknown Traffic | 192.168.2.6 | 49751 | 103.224.212.215 | 80 | TCP
                2025-01-14T22:42:25.659751+0100 | 2803304 | 3 | Unknown Traffic | 192.168.2.6 | 49763 | 103.224.212.215 | 80 | TCP

                Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
                2025-01-14T22:42:22.947625+0100 | 2830018 | 1 | A Network Trojan was detected | 192.168.2.6 | 65461 | 1.1.1.1 | 53 | UDP

                AV Detection

                Source: 19MgUpI9tj.dll, Avira: detected
                Source: http://ww25.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com/?subid1=20250115-0842-2674-be12-423b8bba8fd9, Avira URL Cloud: Label: malware
                Source: http://ww25.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com/?subid1=20250115-0842-2674-be12-423b8bba8f, Avira URL Cloud: Label: malware
                Source: http://ww25.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com/?subid1=20250115-0842-255f-aa23-58d727aba250, Avira URL Cloud: Label: malware
                Source: http://ww25.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com/?subid1=20250115-0842-23ff-808d-88d237d35f, Avira URL Cloud: Label: malware
                Source: http://ww25.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com/?subid1=20250115-0842-23ff-808d-88d237d35f6d, Avira URL Cloud: Label: malware
                Source: http://ww25.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com/?subid1=20250115-0842-255f-aa23-58d727aba2, Avira URL Cloud: Label: malware
                Source: C:\WINDOWS\qeriuwjhrf (copy), ReversingLabs: Detection: 38%
                Source: C:\Windows\tasksche.exe, ReversingLabs: Detection: 38%
                Source: 19MgUpI9tj.dll, Virustotal: Detection: 94%
                Source: 19MgUpI9tj.dll, ReversingLabs: Detection: 92%
                Source: Submitted Sample, Integrated Neural Analysis Model: Matched 99.7% probability
                Source: 19MgUpI9tj.dll, Joe Sandbox ML: detected

                Exploits

                Source: 19MgUpI9tj.dll, Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, DLL

                Networking

                Source: Network traffic, Suricata IDS: 2830018 - Severity 1 - ETPRO MALWARE Observed WannaCry Domain (iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff .com in DNS Lookup) : 192.168.2.6:65461 -> 1.1.1.1:53
                Source: global traffic, HTTP traffic detected: GET / HTTP/1.1 Host: www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com Cache-Control: no-cache
                Source: global traffic, HTTP traffic detected: GET /?subid1=20250115-0842-23ff-808d-88d237d35f6d HTTP/1.1 Cache-Control: no-cache Host: ww25.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com Connection: Keep-Alive
                Source: global traffic, HTTP traffic detected: GET /?subid1=20250115-0842-255f-aa23-58d727aba250 HTTP/1.1 Cache-Control: no-cache Host: ww25.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com Connection: Keep-Alive
                Source: global traffic, HTTP traffic detected: GET / HTTP/1.1 Host: www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com Cache-Control: no-cache Cookie: __tad=1736890943.1640136
                Source: global traffic, HTTP traffic detected: GET /?subid1=20250115-0842-2674-be12-423b8bba8fd9 HTTP/1.1 Cache-Control: no-cache Host: ww25.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com Connection: Keep-Alive Cookie: parking_session=43c57fdf-6860-4e67-b6fc-8e3b3fbb2124
                Source: Network traffic, Suricata IDS: 2803304 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern HCa : 192.168.2.6:49751 -> 103.224.212.215:80
                Source: Network traffic, Suricata IDS: 2803304 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern HCa : 192.168.2.6:49763 -> 103.224.212.215:80
                Source: Network traffic, Suricata IDS: 2803304 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern HCa : 192.168.2.6:50671 -> 103.224.212.215:80
                Source: global traffic, HTTP traffic detected: GET /th?id=OADD2.10239360422982_1TJDRH7G9FF9FQQY2&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/1.1 Accept: */* Accept-Encoding: gzip, deflate, br User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045 Host: tse1.mm.bing.net Connection: Keep-Alive
                Source: global traffic, HTTP traffic detected: GET /th?id=OADD2.10239360422984_1O5I4N56JBATVHLO0&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/1.1 Accept: */* Accept-Encoding: gzip, deflate, br User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045 Host: tse1.mm.bing.net Connection: Keep-Alive
                Source: global traffic, HTTP traffic detected: GET /th?id=OADD2.10239381210195_1GJ8WP9CBLTF1DARK&pid=21.2&c=3&w=1920&h=1080&dynsize=1&qlt=90 HTTP/1.1 Accept: */* Accept-Encoding: gzip, deflate, br User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045 Host: tse1.mm.bing.net Connection: Keep-Alive
                Source: global traffic, HTTP traffic detected: GET /th?id=OADD2.10239381210196_1HI6M19EKP2WF4L1Q&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/1.1 Accept: */* Accept-Encoding: gzip, deflate, br User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045 Host: tse1.mm.bing.net Connection: Keep-Alive
                Source: global traffic, HTTP traffic detected: GET /th?id=OADD2.10239356819466_1PN1118HHI92HRAXE&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/1.1 Accept: */* Accept-Encoding: gzip, deflate, br User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045 Host: tse1.mm.bing.net Connection: Keep-Alive
                Source: global traffic, HTTP traffic detected: GET /th?id=OADD2.10239356819467_11XRGHD2R08E7TNPP&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/1.1 Accept: */* Accept-Encoding: gzip, deflate, br User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045 Host: tse1.mm.bing.net Connection: Keep-Alive
                Source: global traffic, DNS traffic detected: DNS query: www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com
                Source: global traffic, DNS traffic detected: DNS query: ww25.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com
                Source: 19MgUpI9tj.dll, String found in binary or memory: http://www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com

                Spam, unwanted Advertisements and Ransom Demands

                Source: Yara match, File source: 19MgUpI9tj.dll, type: SAMPLE
                Source: Yara match, File source: Process Memory Space: mssecsvr.exe PID: 6900, type: MEMORYSTR
                Source: Yara match, File source: Process Memory Space: mssecsvr.exe PID: 3656, type: MEMORYSTR
                Source: Yara match, File source: Process Memory Space: mssecsvr.exe PID: 2580, type: MEMORYSTR

                System Summary

                Source: 19MgUpI9tj.dll, type: SAMPLE, Matched rule: Detects WannaCry Ransomware, Author: Florian Roth (with the help of binar.ly)
                Source: 7.2.mssecsvr.exe.2282948.8.raw.unpack, type: UNPACKEDPE, Matched rule: Detects WannaCry Ransomware, Author: Florian Roth (based on rule by US CERT)
                Source: C:\Windows\SysWOW64\rundll32.exe, File created: C:\WINDOWS\mssecsvr.exe
                Source: C:\Windows\mssecsvr.exe, File created: C:\WINDOWS\tasksche.exe
                Source: C:\Windows\System32\svchost.exe, File created: C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp
                Source: C:\Windows\System32\svchost.exe, Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 64 -ip 64
                Source: tasksche.exe.6.dr, Static PE information: No import functions for PE file found
                Source: 19MgUpI9tj.dll, Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, DLL
                Source: 19MgUpI9tj.dll, type: SAMPLE, Matched rule: WannaCry_Ransomware date = 2017-05-12, hash1 = ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa, author = Florian Roth (with the help of binar.ly), description = Detects WannaCry Ransomware, reference = https://goo.gl/HG2j5T
                Source: 7.2.mssecsvr.exe.2282948.8.raw.unpack, type: UNPACKEDPE, Matched rule: WannaCry_Ransomware_Gen date = 2017-05-12, hash3 = 4384bf4530fb2e35449a8e01c7e0ad94e3a25811ba94f7847c1e6612bbb45359, hash2 = 8e5b5841a3fe81cade259ce2a678ccb4451725bba71f6662d0cc1f08148da8df, hash1 = 9fe91d542952e145f2244572f314632d93eb1e8657621087b2ca7f7df2b0cb05, author = Florian Roth (based on rule by US CERT), description = Detects WannaCry Ransomware, reference = https://www.us-cert.gov/ncas/alerts/TA17-132A
                Source: 7.2.mssecsvr.exe.22738c8.6.unpack, type: UNPACKEDPEMatched rule: WannaCry_Ransomware date = 2017-05-12, hash1 = ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa, author = Florian Roth (with the help of binar.ly), description = Detects WannaCry Ransomware, reference = https://goo.gl/HG2j5T
                Source: 7.2.mssecsvr.exe.22738c8.6.unpack, type: UNPACKEDPEMatched rule: WannaCry_Ransomware_Gen date = 2017-05-12, hash3 = 4384bf4530fb2e35449a8e01c7e0ad94e3a25811ba94f7847c1e6612bbb45359, hash2 = 8e5b5841a3fe81cade259ce2a678ccb4451725bba71f6662d0cc1f08148da8df, hash1 = 9fe91d542952e145f2244572f314632d93eb1e8657621087b2ca7f7df2b0cb05, author = Florian Roth (based on rule by US CERT), description = Detects WannaCry Ransomware, reference = https://www.us-cert.gov/ncas/alerts/TA17-132A
                Source: 7.2.mssecsvr.exe.227e8e8.9.unpack, type: UNPACKEDPEMatched rule: WannaCry_Ransomware date = 2017-05-12, hash1 = ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa, author = Florian Roth (with the help of binar.ly), description = Detects WannaCry Ransomware, reference = https://goo.gl/HG2j5T
                Source: 6.0.mssecsvr.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: WannaCry_Ransomware date = 2017-05-12, hash1 = ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa, author = Florian Roth (with the help of binar.ly), description = Detects WannaCry Ransomware, reference = https://goo.gl/HG2j5T
                Source: 6.0.mssecsvr.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: WannaCry_Ransomware_Gen date = 2017-05-12, hash3 = 4384bf4530fb2e35449a8e01c7e0ad94e3a25811ba94f7847c1e6612bbb45359, hash2 = 8e5b5841a3fe81cade259ce2a678ccb4451725bba71f6662d0cc1f08148da8df, hash1 = 9fe91d542952e145f2244572f314632d93eb1e8657621087b2ca7f7df2b0cb05, author = Florian Roth (based on rule by US CERT), description = Detects WannaCry Ransomware, reference = https://www.us-cert.gov/ncas/alerts/TA17-132A
                Source: 7.2.mssecsvr.exe.2282948.8.unpack, type: UNPACKEDPEMatched rule: WannaCry_Ransomware date = 2017-05-12, hash1 = ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa, author = Florian Roth (with the help of binar.ly), description = Detects WannaCry Ransomware, reference = https://goo.gl/HG2j5T
                Source: 7.2.mssecsvr.exe.1d62104.3.unpack, type: UNPACKEDPEMatched rule: WannaCry_Ransomware date = 2017-05-12, hash1 = ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa, author = Florian Roth (with the help of binar.ly), description = Detects WannaCry Ransomware, reference = https://goo.gl/HG2j5T
                Source: 7.2.mssecsvr.exe.1d5e0a4.5.unpack, type: UNPACKEDPEMatched rule: WannaCry_Ransomware date = 2017-05-12, hash1 = ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa, author = Florian Roth (with the help of binar.ly), description = Detects WannaCry Ransomware, reference = https://goo.gl/HG2j5T
                Source: classification engine, Classification label: mal100.rans.expl.evad.winDLL@42/31@2/100
                Source: C:\Windows\mssecsvr.exe, Code function: sprintf,OpenSCManagerA,InternetCloseHandle,CreateServiceA,CloseServiceHandle,StartServiceA,CloseServiceHandle,CloseServiceHandle,6_2_00407C40
                Source: C:\Windows\mssecsvr.exe, Code function: sprintf,OpenSCManagerA,InternetCloseHandle,CreateServiceA,CloseServiceHandle,StartServiceA,CloseServiceHandle,CloseServiceHandle,7_2_00407C40
                Source: C:\Windows\mssecsvr.exe, Code function: 6_2_00407CE0 InternetCloseHandle,GetModuleHandleW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,CreateProcessA,FindResourceA,LoadResource,LockResource,SizeofResource,sprintf,sprintf,sprintf,MoveFileExA,CreateFileA,WriteFile,CloseHandle,CreateProcessA,CloseHandle,CloseHandle,6_2_00407CE0
                Source: C:\Windows\mssecsvr.exe, Code function: 6_2_00407C40 sprintf,OpenSCManagerA,InternetCloseHandle,CreateServiceA,CloseServiceHandle,StartServiceA,CloseServiceHandle,CloseServiceHandle,6_2_00407C40
                Source: C:\Windows\mssecsvr.exe, Code function: 6_2_00408090 GetModuleFileNameA,__p___argc,OpenSCManagerA,InternetCloseHandle,OpenServiceA,CloseServiceHandle,CloseServiceHandle,CloseServiceHandle,StartServiceCtrlDispatcherA,6_2_00408090
                Source: C:\Windows\mssecsvr.exe, Code function: 7_2_00408090 GetModuleFileNameA,__p___argc,OpenSCManagerA,InternetCloseHandle,OpenServiceA,CloseServiceHandle,CloseServiceHandle,CloseServiceHandle,StartServiceCtrlDispatcherA,7_2_00408090
                Source: C:\Windows\SysWOW64\WerFault.exe, Mutant created: \BaseNamedObjects\Local\SM0:4048:64:WilError_03
                Source: C:\Windows\SysWOW64\WerFault.exe, Mutant created: \BaseNamedObjects\Local\SM0:6288:64:WilError_03
                Source: C:\Windows\SysWOW64\WerFault.exe, Mutant created: \BaseNamedObjects\Local\SM0:3536:64:WilError_03
                Source: C:\Windows\System32\conhost.exe, Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4864:120:WilError_03
                Source: C:\Windows\SysWOW64\WerFault.exe, Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess64
                Source: C:\Windows\SysWOW64\WerFault.exe, Mutant created: \BaseNamedObjects\Local\SM0:4508:64:WilError_03
                Source: C:\Windows\SysWOW64\WerFault.exe, Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess1112
                Source: C:\Windows\System32\svchost.exe, File created: C:\ProgramData\Microsoft\Windows\WER\Temp\8098b69f-3243-485e-ad81-044797d6675b
                Source: 19MgUpI9tj.dll, Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                Source: C:\Windows\System32\loaddll32.exe, Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                Source: C:\Windows\System32\loaddll32.exe, Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\19MgUpI9tj.dll,PlayGame
                Source: 19MgUpI9tj.dll, Virustotal: Detection: 94%
                Source: 19MgUpI9tj.dll, ReversingLabs: Detection: 92%
                Source: unknown, Process created: C:\Windows\System32\loaddll32.exe loaddll32.exe "C:\Users\user\Desktop\19MgUpI9tj.dll"
                Source: C:\Windows\System32\loaddll32.exe, Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                Source: C:\Windows\System32\loaddll32.exe, Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe "C:\Users\user\Desktop\19MgUpI9tj.dll",#1
                Source: C:\Windows\System32\loaddll32.exe, Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\19MgUpI9tj.dll,PlayGame
                Source: C:\Windows\SysWOW64\cmd.exe, Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\19MgUpI9tj.dll",#1
                Source: C:\Windows\SysWOW64\rundll32.exe, Process created: C:\Windows\mssecsvr.exe C:\WINDOWS\mssecsvr.exe
                Source: unknown, Process created: C:\Windows\mssecsvr.exe C:\WINDOWS\mssecsvr.exe -m security
                Source: C:\Windows\System32\loaddll32.exe, Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\19MgUpI9tj.dll",PlayGame
                Source: C:\Windows\SysWOW64\rundll32.exe, Process created: C:\Windows\mssecsvr.exe C:\WINDOWS\mssecsvr.exe
                Source: C:\Windows\mssecsvr.exe, Process created: C:\Windows\tasksche.exe C:\WINDOWS\tasksche.exe /i
                Source: unknown, Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k WerSvcGroup
                Source: C:\Windows\System32\svchost.exe, Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 64 -ip 64
                Source: C:\Windows\tasksche.exe, Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 64 -s 224
                Source: C:\Windows\mssecsvr.exe, Process created: C:\Windows\tasksche.exe C:\WINDOWS\tasksche.exe /i
                Source: C:\Windows\System32\svchost.exe, Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 1112 -ip 1112
                Source: C:\Windows\System32\svchost.exe, Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 64 -ip 64
                Source: C:\Windows\tasksche.exe, Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 1112 -s 196
                Source: C:\Windows\tasksche.exe, Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 64 -s 228
                Source: C:\Windows\System32\svchost.exe, Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 476 -p 1112 -ip 1112
                Source: C:\Windows\tasksche.exe, Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 1112 -s 200
                Source: unknown, Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
                Source: C:\Windows\System32\loaddll32.exe, Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe "C:\Users\user\Desktop\19MgUpI9tj.dll",#1
                Source: C:\Windows\System32\loaddll32.exe, Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\19MgUpI9tj.dll,PlayGame
                Source: C:\Windows\System32\loaddll32.exe, Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\19MgUpI9tj.dll",PlayGame
                Source: C:\Windows\SysWOW64\cmd.exe, Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\19MgUpI9tj.dll",#1
                Source: C:\Windows\SysWOW64\rundll32.exe, Process created: C:\Windows\mssecsvr.exe C:\WINDOWS\mssecsvr.exe
                Source: C:\Windows\mssecsvr.exe, Process created: C:\Windows\tasksche.exe C:\WINDOWS\tasksche.exe /i
                Source: C:\Windows\SysWOW64\rundll32.exe, Process created: C:\Windows\mssecsvr.exe C:\WINDOWS\mssecsvr.exe
                Source: C:\Windows\mssecsvr.exe, Process created: C:\Windows\tasksche.exe C:\WINDOWS\tasksche.exe /i
                Source: C:\Windows\System32\svchost.exe, Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 64 -ip 64
                Source: C:\Windows\System32\svchost.exe, Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 64 -s 224
                Source: C:\Windows\System32\svchost.exe, Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 1112 -ip 1112
                Source: C:\Windows\System32\svchost.exe, Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 64 -ip 64
                Source: C:\Windows\System32\svchost.exe, Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 1112 -s 196
                Source: C:\Windows\System32\svchost.exe, Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 64 -s 228
                Source: C:\Windows\System32\svchost.exe, Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 476 -p 1112 -ip 1112
                Source: C:\Windows\System32\svchost.exe, Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 1112 -s 200
                Source: C:\Windows\SysWOW64\WerFault.exe, Process created: unknown unknown
                Source: C:\Windows\System32\loaddll32.exe, Section loaded: apphelp.dll
                Source: C:\Windows\System32\loaddll32.exe, Section loaded: kernel.appcore.dll
                Source: C:\Windows\SysWOW64\cmd.exe, Section loaded: apphelp.dll
                Source: C:\Windows\mssecsvr.exe, Section loaded: apphelp.dll
                Source: C:\Windows\mssecsvr.exe, Section loaded: msvcp60.dll
                Source: C:\Windows\mssecsvr.exe, Section loaded: iphlpapi.dll
                Source: C:\Windows\mssecsvr.exe, Section loaded: wininet.dll
                Source: C:\Windows\mssecsvr.exe, Section loaded: iertutil.dll
                Source: C:\Windows\mssecsvr.exe, Section loaded: sspicli.dll
                Source: C:\Windows\mssecsvr.exe, Section loaded: windows.storage.dll
                Source: C:\Windows\mssecsvr.exe, Section loaded: wldp.dll
                Source: C:\Windows\mssecsvr.exe, Section loaded: profapi.dll
                Source: C:\Windows\mssecsvr.exe, Section loaded: kernel.appcore.dll
                Source: C:\Windows\mssecsvr.exe, Section loaded: ondemandconnroutehelper.dll
                Source: C:\Windows\mssecsvr.exe, Section loaded: winhttp.dll
                Source: C:\Windows\mssecsvr.exe, Section loaded: mswsock.dll
                Source: C:\Windows\mssecsvr.exe, Section loaded: winnsi.dll
                Source: C:\Windows\mssecsvr.exe, Section loaded: urlmon.dll
                Source: C:\Windows\mssecsvr.exe, Section loaded: srvcli.dll
                Source: C:\Windows\mssecsvr.exe, Section loaded: netutils.dll
                Source: C:\Windows\mssecsvr.exe, Section loaded: dnsapi.dll
                Source: C:\Windows\mssecsvr.exe, Section loaded: rasadhlp.dll
                Source: C:\Windows\mssecsvr.exe, Section loaded: fwpuclnt.dll
                Source: C:\Windows\mssecsvr.exe, Section loaded: cryptsp.dll
                Source: C:\Windows\mssecsvr.exe, Section loaded: rsaenh.dll
                Source: C:\Windows\mssecsvr.exe, Section loaded: cryptbase.dll
                Source: C:\Windows\mssecsvr.exe, Section loaded: dhcpcsvc.dll
                Source: C:\Windows\mssecsvr.exe, Section loaded: dhcpcsvc6.dll
                Source: C:\Windows\tasksche.exe, Section loaded: apphelp.dll
                Source: C:\Windows\System32\svchost.exe, Section loaded: wersvc.dll
                Source: C:\Windows\System32\svchost.exe, Section loaded: windowsperformancerecordercontrol.dll
                Source: C:\Windows\System32\svchost.exe, Section loaded: weretw.dll
                Source: C:\Windows\System32\svchost.exe, Section loaded: xmllite.dll
                Source: C:\Windows\System32\svchost.exe, Section loaded: wldp.dll
                Source: C:\Windows\System32\svchost.exe, Section loaded: wer.dll
                Source: C:\Windows\System32\svchost.exe, Section loaded: policymanager.dll
                Source: C:\Windows\System32\svchost.exe, Section loaded: msvcp110_win.dll
                Source: C:\Windows\System32\svchost.exe, Section loaded: faultrep.dll
                Source: C:\Windows\System32\svchost.exe, Section loaded: dbghelp.dll
                Source: C:\Windows\System32\svchost.exe, Section loaded: dbgcore.dll
                Source: C:\Windows\System32\svchost.exe, Section loaded: userenv.dll
                Source: C:\Windows\System32\svchost.exe, Section loaded: profapi.dll
                Source: C:\Windows\System32\svchost.exe, Section loaded: sspicli.dll
                Source: C:\Windows\System32\svchost.exe Section loaded: kernel.appcore.dll
                Source: C:\Windows\System32\svchost.exe Section loaded: qmgr.dll
                Source: C:\Windows\System32\svchost.exe Section loaded: bitsperf.dll
                Source: C:\Windows\System32\svchost.exe Section loaded: powrprof.dll
                Source: C:\Windows\System32\svchost.exe Section loaded: xmllite.dll
                Source: C:\Windows\System32\svchost.exe Section loaded: firewallapi.dll
                Source: C:\Windows\System32\svchost.exe Section loaded: esent.dll
                Source: C:\Windows\System32\svchost.exe Section loaded: umpdc.dll
                Source: C:\Windows\System32\svchost.exe Section loaded: dnsapi.dll
                Source: C:\Windows\System32\svchost.exe Section loaded: iphlpapi.dll
                Source: C:\Windows\System32\svchost.exe Section loaded: fwbase.dll
                Source: C:\Windows\System32\svchost.exe Section loaded: wldp.dll
                Source: C:\Windows\System32\svchost.exe Section loaded: ntmarta.dll
                Source: C:\Windows\System32\svchost.exe Section loaded: profapi.dll
                Source: C:\Windows\System32\svchost.exe Section loaded: flightsettings.dll
                Source: C:\Windows\System32\svchost.exe Section loaded: policymanager.dll
                Source: C:\Windows\System32\svchost.exe Section loaded: msvcp110_win.dll
                Source: C:\Windows\System32\svchost.exe Section loaded: netprofm.dll
                Source: C:\Windows\System32\svchost.exe Section loaded: npmproxy.dll
                Source: C:\Windows\System32\svchost.exe Section loaded: bitsigd.dll
                Source: C:\Windows\System32\svchost.exe Section loaded: upnp.dll
                Source: C:\Windows\System32\svchost.exe Section loaded: winhttp.dll
                Source: C:\Windows\System32\svchost.exe Section loaded: ssdpapi.dll
                Source: C:\Windows\System32\svchost.exe Section loaded: urlmon.dll
                Source: C:\Windows\System32\svchost.exe Section loaded: iertutil.dll
                Source: C:\Windows\System32\svchost.exe Section loaded: srvcli.dll
                Source: C:\Windows\System32\svchost.exe Section loaded: netutils.dll
                Source: C:\Windows\System32\svchost.exe Section loaded: appxdeploymentclient.dll
                Source: C:\Windows\System32\svchost.exe Section loaded: cryptbase.dll
                Source: C:\Windows\System32\svchost.exe Section loaded: wsmauto.dll
                Source: C:\Windows\System32\svchost.exe Section loaded: miutils.dll
                Source: C:\Windows\System32\svchost.exe Section loaded: wsmsvc.dll
                Source: C:\Windows\System32\svchost.exe Section loaded: dsrole.dll
                Source: C:\Windows\System32\svchost.exe Section loaded: pcwum.dll
                Source: C:\Windows\System32\svchost.exe Section loaded: mi.dll
                Source: C:\Windows\System32\svchost.exe Section loaded: userenv.dll
                Source: C:\Windows\System32\svchost.exe Section loaded: gpapi.dll
                Source: C:\Windows\System32\svchost.exe Section loaded: winhttp.dll
                Source: C:\Windows\System32\svchost.exe Section loaded: wkscli.dll
                Source: C:\Windows\System32\svchost.exe Section loaded: netutils.dll
                Source: C:\Windows\System32\svchost.exe Section loaded: sspicli.dll
                Source: C:\Windows\System32\svchost.exe Section loaded: ondemandconnroutehelper.dll
                Source: C:\Windows\System32\svchost.exe Section loaded: msv1_0.dll
                Source: C:\Windows\System32\svchost.exe Section loaded: ntlmshared.dll
                Source: C:\Windows\System32\svchost.exe Section loaded: cryptdll.dll
                Source: C:\Windows\System32\svchost.exe Section loaded: webio.dll
                Source: C:\Windows\System32\svchost.exe Section loaded: mswsock.dll
                Source: C:\Windows\System32\svchost.exe Section loaded: winnsi.dll
                Source: C:\Windows\System32\svchost.exe Section loaded: rasadhlp.dll
                Source: C:\Windows\System32\svchost.exe Section loaded: fwpuclnt.dll
                Source: C:\Windows\System32\svchost.exe Section loaded: rmclient.dll
                Source: C:\Windows\System32\svchost.exe Section loaded: usermgrcli.dll
                Source: C:\Windows\System32\svchost.exe Section loaded: execmodelclient.dll
                Source: C:\Windows\System32\svchost.exe Section loaded: propsys.dll
                Source: C:\Windows\System32\svchost.exe Section loaded: coremessaging.dll
                Source: C:\Windows\System32\svchost.exe Section loaded: twinapi.appcore.dll
                Source: C:\Windows\System32\svchost.exe Section loaded: onecorecommonproxystub.dll
                Source: C:\Windows\System32\svchost.exe Section loaded: execmodelproxy.dll
                Source: C:\Windows\System32\svchost.exe Section loaded: resourcepolicyclient.dll
                Source: C:\Windows\System32\svchost.exe Section loaded: vssapi.dll
                Source: C:\Windows\System32\svchost.exe Section loaded: vsstrace.dll
                Source: C:\Windows\System32\svchost.exe Section loaded: samcli.dll
                Source: C:\Windows\System32\svchost.exe Section loaded: samlib.dll
                Source: C:\Windows\System32\svchost.exe Section loaded: es.dll
                Source: C:\Windows\System32\svchost.exe Section loaded: bitsproxy.dll
                Source: C:\Windows\System32\svchost.exe Section loaded: ondemandconnroutehelper.dll
                Source: C:\Windows\System32\svchost.exe Section loaded: dhcpcsvc6.dll
                Source: C:\Windows\System32\svchost.exe Section loaded: dhcpcsvc.dll
                Source: C:\Windows\System32\svchost.exe Section loaded: schannel.dll
                Source: C:\Windows\System32\svchost.exe Section loaded: mskeyprotect.dll
                Source: C:\Windows\System32\svchost.exe Section loaded: ntasn1.dll
                Source: C:\Windows\System32\svchost.exe Section loaded: ncrypt.dll
                Source: C:\Windows\System32\svchost.exe Section loaded: ncryptsslp.dll
                Source: C:\Windows\System32\svchost.exe Section loaded: msasn1.dll
                Source: C:\Windows\System32\svchost.exe Section loaded: cryptsp.dll
                Source: C:\Windows\System32\svchost.exe Section loaded: rsaenh.dll
                Source: C:\Windows\System32\svchost.exe Section loaded: dpapi.dll
                Source: C:\Windows\System32\svchost.exe Section loaded: mpr.dll
                Source: C:\Windows\mssecsvr.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32
                Source: 19MgUpI9tj.dll Static file information: File size 5267459 > 1048576
                Source: 19MgUpI9tj.dll Static PE information: Raw size of .rsrc is bigger than: 0x100000 < 0x501000

                Persistence and Installation Behavior

                Source: C:\Windows\SysWOW64\rundll32.exe Executable created and started: C:\WINDOWS\mssecsvr.exe
                Source: C:\Windows\mssecsvr.exe Executable created and started: C:\WINDOWS\tasksche.exe
                Source: C:\Windows\mssecsvr.exe File created: C:\WINDOWS\qeriuwjhrf (copy)
                Source: C:\Windows\mssecsvr.exe File created: C:\Windows\tasksche.exe
                Source: C:\Windows\mssecsvr.exe Code function: 6_2_00407C40 sprintf,OpenSCManagerA,InternetCloseHandle,CreateServiceA,CloseServiceHandle,StartServiceA,CloseServiceHandle,CloseServiceHandle,6_2_00407C40
                Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX
                Source: C:\Windows\mssecsvr.exe Process information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\svchost.exe Process information set: NOOPENFILEERRORBOX
                Source: C:\Windows\SysWOW64\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                Source: C:\Windows\mssecsvr.exe Thread delayed: delay time: 86400000
                Source: C:\Windows\mssecsvr.exe TID: 6756 Thread sleep count: 93 > 30
                Source: C:\Windows\mssecsvr.exe TID: 6756 Thread sleep time: -186000s >= -30000s
                Source: C:\Windows\mssecsvr.exe TID: 6744 Thread sleep count: 125 > 30
                Source: C:\Windows\mssecsvr.exe TID: 6744 Thread sleep count: 49 > 30
                Source: C:\Windows\mssecsvr.exe TID: 6756 Thread sleep time: -86400000s >= -30000s
                Source: C:\Windows\System32\svchost.exe TID: 4836 Thread sleep time: -30000s >= -30000s
                Source: C:\Windows\System32\svchost.exe File opened: PhysicalDrive0
                Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
                Source: C:\Windows\System32\loaddll32.exe Thread delayed: delay time: 120000
                Source: C:\Windows\mssecsvr.exe Thread delayed: delay time: 86400000
                Source: Amcache.hve.13.dr Binary or memory string: VMware
                Source: Amcache.hve.13.dr Binary or memory string: VMware Virtual USB Mouse
                Source: Amcache.hve.13.dr Binary or memory string: vmci.syshbin
                Source: Amcache.hve.13.dr Binary or memory string: VMware, Inc.
                Source: Amcache.hve.13.dr Binary or memory string: VMware20,1hbin@
                Source: Amcache.hve.13.dr Binary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
                Source: mssecsvr.exe, 00000007.00000002.2952354823.00000000009C0000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAWr
                Source: Amcache.hve.13.dr Binary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
                Source: Amcache.hve.13.dr Binary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
                Source: Amcache.hve.13.dr Binary or memory string: VMware-42 27 80 4d 99 30 0e 9c-c1 9b 2a 23 ea 1f c4 20
                Source: mssecsvr.exe, 00000006.00000002.2312577283.0000000000A3C000.00000004.00000020.00020000.00000000.sdmp, mssecsvr.exe, 00000006.00000002.2312577283.0000000000A7B000.00000004.00000020.00020000.00000000.sdmp, mssecsvr.exe, 00000007.00000002.2952354823.0000000000987000.00000004.00000020.00020000.00000000.sdmp, mssecsvr.exe, 00000007.00000002.2952354823.00000000009C0000.00000004.00000020.00020000.00000000.sdmp, mssecsvr.exe, 00000009.00000002.2322490697.0000000000B4D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000002.3527640685.00000140C1A56000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001F.00000002.3527640685.00000140C1A4C000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
                Source: Amcache.hve.13.dr Binary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
                Source: Amcache.hve.13.dr Binary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
                Source: svchost.exe, 0000001F.00000002.3525696095.00000140BC42B000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
                Source: Amcache.hve.13.dr Binary or memory string: c:/windows/system32/drivers/vmci.sys
                Source: Amcache.hve.13.dr Binary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
                Source: mssecsvr.exe, 00000009.00000002.2322490697.0000000000B4D000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW#
                Source: Amcache.hve.13.dr Binary or memory string: vmci.sys
                Source: Amcache.hve.13.dr Binary or memory string: vmci.syshbin`
                Source: Amcache.hve.13.dr Binary or memory string: \driver\vmci,\driver\pci
                Source: Amcache.hve.13.dr Binary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
                Source: Amcache.hve.13.dr Binary or memory string: VMware20,1
                Source: Amcache.hve.13.dr Binary or memory string: Microsoft Hyper-V Generation Counter
                Source: Amcache.hve.13.dr Binary or memory string: NECVMWar VMware SATA CD00
                Source: Amcache.hve.13.dr Binary or memory string: VMware Virtual disk SCSI Disk Device
                Source: Amcache.hve.13.dr Binary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
                Source: Amcache.hve.13.dr Binary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
                Source: Amcache.hve.13.dr Binary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
                Source: Amcache.hve.13.dr Binary or memory string: VMware PCI VMCI Bus Device
                Source: mssecsvr.exe, 00000009.00000002.2322490697.0000000000AF8000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW8C
                Source: Amcache.hve.13.dr Binary or memory string: VMware VMCI Bus Device
                Source: Amcache.hve.13.dr Binary or memory string: VMware Virtual RAM
                Source: Amcache.hve.13.dr Binary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
                Source: Amcache.hve.13.dr Binary or memory string: vmci.inf_amd64_68ed49469341f563
                Source: C:\Windows\System32\svchost.exe Process information queried: ProcessInformation
                Source: C:\Windows\tasksche.exe Process queried: DebugPort
                Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\19MgUpI9tj.dll",#1
                Source: C:\Windows\System32\svchost.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 64 -ip 64
                Source: C:\Windows\System32\svchost.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 64 -s 224
                Source: C:\Windows\System32\svchost.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 1112 -ip 1112
                Source: C:\Windows\System32\svchost.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 64 -ip 64
                Source: C:\Windows\System32\svchost.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 1112 -s 196
                Source: C:\Windows\System32\svchost.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 64 -s 228
                Source: C:\Windows\System32\svchost.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 476 -p 1112 -ip 1112
                Source: C:\Windows\System32\svchost.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 1112 -s 200
                Source: C:\Windows\System32\svchost.exe Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
                Source: C:\Windows\System32\svchost.exe Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
                Source: C:\Windows\System32\svchost.exe Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
                Source: C:\Windows\System32\svchost.exe Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm VolumeInformation
                Source: C:\Windows\System32\svchost.exe Queries volume information: C:\ VolumeInformation
                Source: Amcache.hve.13.dr Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
                Source: Amcache.hve.13.dr Binary or memory string: msmpeng.exe
                Source: Amcache.hve.13.dr Binary or memory string: c:\program files\windows defender\msmpeng.exe
                Source: Amcache.hve.13.dr Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23090.2008-0\msmpeng.exe
                Source: Amcache.hve.13.dr Binary or memory string: MsMpEng.exe
                Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
                Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Service Execution | 4 Windows Service | 4 Windows Service | 12 Masquerading | OS Credential Dumping | 1 Network Share Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
                Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 DLL Side-Loading | 11 Process Injection | 41 Virtualization/Sandbox Evasion | LSASS Memory | 131 Security Software Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
                Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 DLL Side-Loading | 11 Process Injection | Security Account Manager | 1 Process Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
                Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Rundll32 | NTDS | 41 Virtualization/Sandbox Evasion | Distributed Component Object Model | Input Capture | 13 Application Layer Protocol | Traffic Duplication | Data Destruction
                Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 DLL Side-Loading | LSA Secrets | 21 System Information Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
                [Behavior graph (image not preserved): Behavior Graph ID: 1591360, Sample: 19MgUpI9tj.dll, Startdate: 14/01/2025, Architecture: WINDOWS, Score: 100]

                Source | Detection | Scanner | Label | Link
                19MgUpI9tj.dll | 94% | Virustotal | | Browse
                19MgUpI9tj.dll | 92% | ReversingLabs | Win32.Ransomware.WannaCry |
                19MgUpI9tj.dll | 100% | Avira | TR/Ransom.Gen |
                19MgUpI9tj.dll | 100% | Joe Sandbox ML | |

                Source | Detection | Scanner | Label | Link
                C:\WINDOWS\qeriuwjhrf (copy) | 38% | ReversingLabs | Win32.Ransomware.WannaCry |
                C:\Windows\tasksche.exe | 38% | ReversingLabs | Win32.Ransomware.WannaCry |
                No Antivirus matches
                No Antivirus matches
                Source | Detection | Scanner | Label | Link
                http://ww25.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com/?subid1=20250115-0842-2674-be12-423b8bba8fd9 | 100% | Avira URL Cloud | malware |
                http://ww25.iuqerfsodp9ifjaposdfjhgosurijfaewrwe | 0% | Avira URL Cloud | safe |
                http://www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.comO | 0% | Avira URL Cloud | safe |
                http://ww25.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com/?subid1=20250115-0842-2674-be12-423b8bba8f | 100% | Avira URL Cloud | malware |
                http://ww25.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com/?subid1=20250115-0842-255f-aa23-58d727aba250 | 100% | Avira URL Cloud | malware |
                http://www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.comJ | 0% | Avira URL Cloud | safe |
                http://www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.comG= | 0% | Avira URL Cloud | safe |
                http://ww25.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com/?subid1=20250115-0842-23ff-808d-88d237d35f | 100% | Avira URL Cloud | malware |
                http://ww25.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com/?subid1=20250115-0842-23ff-808d-88d237d35f6d | 100% | Avira URL Cloud | malware |
                http://ww25.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com/?subid1=20250115-0842-255f-aa23-58d727aba2 | 100% | Avira URL Cloud | malware |

                Name | IP | Active | Malicious | Antivirus Detection | Reputation
                77026.bodis.com | 199.59.243.228 | true | false | | high
                s-part-0017.t-0009.t-msedge.net | 13.107.246.45 | true | false | | high
                www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com | 103.224.212.215 | true | false | | high
                ww25.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com | unknown | unknown | false | | unknown

                Name | Malicious | Antivirus Detection | Reputation
                http://ww25.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com/?subid1=20250115-0842-23ff-808d-88d237d35f6d | false | Avira URL Cloud: malware | unknown
                http://www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com/ | false | | high
                https://tse1.mm.bing.net/th?id=OADD2.10239356819466_1PN1118HHI92HRAXE&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 | false | | high
                http://ww25.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com/?subid1=20250115-0842-255f-aa23-58d727aba250 | false | Avira URL Cloud: malware | unknown
                https://tse1.mm.bing.net/th?id=OADD2.10239360422982_1TJDRH7G9FF9FQQY2&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 | false | | high
                https://tse1.mm.bing.net/th?id=OADD2.10239356819467_11XRGHD2R08E7TNPP&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 | false | | high
                https://tse1.mm.bing.net/th?id=OADD2.10239381210196_1HI6M19EKP2WF4L1Q&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 | false | | high
                http://ww25.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com/?subid1=20250115-0842-2674-be12-423b8bba8fd9 | false | Avira URL Cloud: malware | unknown
                https://tse1.mm.bing.net/th?id=OADD2.10239381210195_1GJ8WP9CBLTF1DARK&pid=21.2&c=3&w=1920&h=1080&dynsize=1&qlt=90 | false | | high
                https://tse1.mm.bing.net/th?id=OADD2.10239360422984_1O5I4N56JBATVHLO0&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 | false | | high

                Name | Source | Malicious | Antivirus Detection | Reputation
                http://ww25.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com/?subid1=20250115-0842-2674-be12-423b8bba8f | mssecsvr.exe, 00000009.00000002.2322490697.0000000000B2E000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: malware | unknown
                http://ww25.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com/?subid1=20250115-0842-23ff-808d-88d237d35f | mssecsvr.exe, 00000006.00000002.2312577283.0000000000A51000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: malware | unknown
                http://www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com | 19MgUpI9tj.dll | false | | high
                https://g.live.com/odclientsettings/ProdV21C: | svchost.exe, 0000001F.00000003.2848111915.00000140C17F0000.00000004.00000800.00020000.00000000.sdmp, edb.log.31.dr | false | | high
                http://crl.ver) | svchost.exe, 0000001F.00000002.3527851345.00000140C1AA1000.00000004.00000020.00020000.00000000.sdmp | false | | high
                http://upx.sf.net | Amcache.hve.13.dr | false | | high
                http://www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com/s | mssecsvr.exe, 00000009.00000002.2322490697.0000000000B43000.00000004.00000020.00020000.00000000.sdmp | false | | high
                https://g.live.com/odclientsettings/Prod1C: | qmgr.db.31.dr | false | | high
                http://www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.comG= | mssecsvr.exe, 00000009.00000002.2322490697.0000000000AF8000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
                http://www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.comO | mssecsvr.exe, 00000006.00000002.2312577283.0000000000A0E000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
                http://ww25.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com/?subid1=20250115-0842-255f-aa23-58d727aba2 | mssecsvr.exe, 00000007.00000002.2952354823.00000000009C0000.00000004.00000020.00020000.00000000.sdmp, mssecsvr.exe, 00000007.00000002.2952354823.000000000099B000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: malware | unknown
                                                  http://www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.comJmssecsvr.exe, 00000007.00000002.2951958203.000000000019D000.00000004.00000010.00020000.00000000.sdmpfalse
                                                  • Avira URL Cloud: safe
                                                  unknown
                                                  http://www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com/22www.iuqerfsodp9ifjaposdfjhgosurijfaewrwermssecsvr.exe, 00000006.00000002.2312577283.0000000000A0E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                    high
                                                    http://ww25.iuqerfsodp9ifjaposdfjhgosurijfaewrwemssecsvr.exe, 00000009.00000002.2322490697.0000000000B4D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                    • Avira URL Cloud: safe
                                                    unknown
                                                    http://www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com/?2mssecsvr.exe, 00000007.00000002.2952354823.000000000099B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                      high
IP | Domain | Country | Flag | ASN | ASN Name | Malicious
                                                      IP
                                                      Joe Sandbox version:42.0.0 Malachite
                                                      Analysis ID:1591360
                                                      Start date and time:2025-01-14 22:41:14 +01:00
                                                      Joe Sandbox product:CloudBasic
                                                      Overall analysis duration:0h 6m 32s
                                                      Hypervisor based Inspection enabled:false
                                                      Report type:full
                                                      Cookbook file name:default.jbs
                                                      Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                      Number of analysed new started processes analysed:35
                                                      Number of new started drivers analysed:0
                                                      Number of existing processes analysed:0
                                                      Number of existing drivers analysed:0
                                                      Number of injected processes analysed:0
                                                      Technologies:
                                                      • HCA enabled
                                                      • EGA enabled
                                                      • AMSI enabled
                                                      Analysis Mode:default
                                                      Analysis stop reason:Timeout
                                                      Sample name:19MgUpI9tj.dll
                                                      renamed because original name is a hash value
                                                      Original Sample Name:3dd20421f9a536cfdd3a8b5cf7e5d5fc.dll
                                                      Detection:MAL
                                                      Classification:mal100.rans.expl.evad.winDLL@42/31@2/100
                                                      EGA Information:
                                                      • Successful, ratio: 66.7%
                                                      HCA Information:Failed
                                                      Cookbook Comments:
                                                      • Found application associated with file extension: .dll
                                                      • Exclude process from analysis (whitelisted): dllhost.exe, BackgroundTransferHost.exe, WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe
                                                      • Excluded IPs from analysis (whitelisted): 20.42.73.29, 217.20.57.19, 2.23.242.162, 13.107.246.45, 20.190.159.71, 4.245.163.56, 20.31.169.57, 2.23.227.215, 150.171.28.10, 2.23.227.208, 20.223.36.55
                                                      • Excluded domains from analysis (whitelisted): www.bing.com, fs.microsoft.com, slscr.update.microsoft.com, otelrules.azureedge.net, otelrules.afd.azureedge.net, tse1.mm.bing.net, ctldl.windowsupdate.com, g.bing.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, arc.msn.com, fe3cr.delivery.mp.microsoft.com, login.live.com, e16604.g.akamaiedge.net, blobcollector.events.data.trafficmanager.net, onedsblobprdeus15.eastus.cloudapp.azure.com, azureedge-t-prod.trafficmanager.net, umwatson.events.data.microsoft.com, prod.fs.microsoft.com.akadns.net
                                                      • Not all processes were analyzed, report is missing behavior information
                                                      • Report size exceeded maximum capacity and may have missing behavior information.
                                                      • Report size getting too big, too many NtQueryValueKey calls found.
                                                      • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Time | Type | Description
16:42:24 | API Interceptor | 1x Sleep call for process: loaddll32.exe modified
16:42:30 | API Interceptor | 2x Sleep call for process: WerFault.exe modified
16:42:59 | API Interceptor | 112x Sleep call for process: mssecsvr.exe modified
16:43:18 | API Interceptor | 2x Sleep call for process: svchost.exe modified
                                                      No context
                                                      No context
                                                      No context
                                                      Process:C:\Windows\System32\svchost.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):1310720
                                                      Entropy (8bit):0.7263298796753942
                                                      Encrypted:false
                                                      SSDEEP:1536:9J8s6YR3pnhWKInznxTgScwXhCeEcrKYSZNmTHk4UQJ32aqGT46yAwFM5hA7yH0w:9JZj5MiKNnNhoxuF
                                                      MD5:FCBD3AA8355F8CD53F7D6A9220EC6E3C
                                                      SHA1:4C43EDFB539A38EFAB1517C61C3257407A9CE160
                                                      SHA-256:1123202984BC199DDEC9EA55B3CB098BF110E226C17AF751B8E80887E42BFFAF
                                                      SHA-512:22C5E946D0BFEB1022B88BDB39FA8387F2460666B2F60BB265C7351C8AAD055AF0CA3D564DF7E7861C178436B19E89B6BE3E0D5F3621F40C10895040E86AD00C
                                                      Malicious:false
                                                      Preview:...........@..@9....{...;...{..........<...D./..;...{..................C:\ProgramData\Microsoft\Network\Downloader\.........................................................................................................................................................................................................................C:\ProgramData\Microsoft\Network\Downloader\..........................................................................................................................................................................................................................0u..................@...@....................................Fajaj.#.........`h.................h.......6.......X\...;...{..................C.:.\.P.r.o.g.r.a.m.D.a.t.a.\.M.i.c.r.o.s.o.f.t.\.N.e.t.w.o.r.k.\.D.o.w.n.l.o.a.d.e.r.\.q.m.g.r...d.b....................................................................................................................................................................
                                                      Process:C:\Windows\System32\svchost.exe
                                                      File Type:Extensible storage user DataBase, version 0x620, checksum 0x3754a0e5, page size 16384, DirtyShutdown, Windows version 10.0
                                                      Category:dropped
                                                      Size (bytes):1310720
                                                      Entropy (8bit):0.7556073323107159
                                                      Encrypted:false
                                                      SSDEEP:1536:FSB2ESB2SSjlK/svFH03N9Jdt8lYkr3g16xj2UPkLk+kLWyrufTRryrUYc//kbxW:FazaSvGJzYj2UlmOlOL
                                                      MD5:87357022781ECEBDBC8D9237A4EDEB13
                                                      SHA1:6E33B8375CE13169F9C8F8866F7681DC47857A78
                                                      SHA-256:5E85663AF48AD4FB9536BD79B1405664F0FE532E867E14966FF56AEE46071C3C
                                                      SHA-512:8C33DF5A5FD1AF9A2BC7588DB3A2FD291EB5590D6B02B978B4F3C7D5D957532CF5714B456C9F12A569B027541CA5632555FE899F300F850CF775B12D5B0B1F54
                                                      Malicious:false
                                                      Process:C:\Windows\System32\svchost.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):16384
                                                      Entropy (8bit):0.07967290506449429
                                                      Encrypted:false
                                                      SSDEEP:3:eGtyYeAftVENaAPaU1l4oYqYlluxmO+l/SNxOf:IzktVENDPaUm3gmOH
                                                      MD5:3E5CB1CD21D40ABC843E3CA03DC98A97
                                                      SHA1:DD4736CA29FFB0D2C6767B6795D92BB9EA9A070F
                                                      SHA-256:067DA1372135813F8768947883B911F185CACF9C6D18C3E5DF7857E056FA97D6
                                                      SHA-512:0D9FADB9B6CCC71E9E239F0E53CFABE8D613FE17CE8E026D4EC14313C1E84333D65E3999ABBAB6C85A242E5EE28C18CE7F959423BEA79ACCFD732E473A298871
                                                      Malicious:false
                                                      Process:C:\Windows\SysWOW64\WerFault.exe
                                                      File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                      Category:dropped
                                                      Size (bytes):65536
                                                      Entropy (8bit):0.6219121116762025
                                                      Encrypted:false
                                                      SSDEEP:192:SAHzbbIO/S660BU/KmkjlzuiFnZ24IO8vw6:S4zbMOS6BBU/KmkjlzuiFnY4IO8vw
                                                      MD5:1F741CFCFB34DCB110E7B51103EB9088
                                                      SHA1:44266A93FA750F0B2E3F665C67E023F539D32C4C
                                                      SHA-256:E6D9D42C86D52379F2379F948398DE4F017E732AB3004AC6246FB5438F3789D5
                                                      SHA-512:E2CCF0C34404C1521B5E75537AE2DCD3DB1D6426D5A76CCC3B55FC9F4B3D4095077D65C97D94B7901E4358E83FC1A404A2B6040B8943A013610DF175B46A5794
                                                      Malicious:false
                                                      Preview:Version=1 EventType=BEX EventTime=133813645478683614 ReportType=2 Consent=1 UploadTime=133813645482121175 ReportStatus=524384 ReportIdentifier=d2efbb06-4860-4d66-98d8-64977af32a6e IntegratorReportIdentifier=b6cb6a98-eac0-401a-9f50-17c7c805d9c0 Wow64Host=34404 Wow64Guest=332 NsAppName=tasksche.exe AppSessionGuid=00000458-0001-0015-1374-d033cd66db01 TargetAppId=W:00063af7504ce4cc7103ac630311c016c2e70000ffff!0000abe19d68404b538ca524638af77652992bc20d37!tasksche.exe TargetAppVer=2015/
                                                      Process:C:\Windows\SysWOW64\WerFault.exe
                                                      File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                      Category:dropped
                                                      Size (bytes):65536
                                                      Entropy (8bit):0.6289946910047491
                                                      Encrypted:false
                                                      SSDEEP:192:NlbI1KS660BU/KmkjEzuiFnZ24IO8vw6:HMoS6BBU/KmkjEzuiFnY4IO8vw
                                                      MD5:09A7136B29C6E6FB02A4B993EEBD3A2A
                                                      SHA1:6D22F04820136AAA186C90E84C8AEA140D0E7218
                                                      SHA-256:E72F1D6E77D5DD25B1BE72AE45ABE6B55FD58334319AA4798C571E37CB008875
                                                      SHA-512:84083295D37148CEED2EE703234DEC4EBF4ABD212E11B3CAE3A3BF18368D50A332F154BD3EC7F151AD977F096CA47626996F333C7BC3AEC19D1CC01118671820
                                                      Malicious:false
                                                      Preview:Version=1 EventType=BEX EventTime=133813645473070686 ReportType=2 Consent=1 UploadTime=133813645477445866 ReportStatus=524384 ReportIdentifier=f709431c-cb6f-4622-900e-328eeb3f1897 IntegratorReportIdentifier=e09b2f29-45fc-4828-834f-8086481cee42 Wow64Host=34404 Wow64Guest=332 NsAppName=tasksche.exe AppSessionGuid=00000040-0001-0015-fd1a-5a33cd66db01 TargetAppId=W:00063af7504ce4cc7103ac630311c016c2e70000ffff!0000abe19d68404b538ca524638af77652992bc20d37!tasksche.exe TargetAppVer=2015/
                                                      Process:C:\Windows\SysWOW64\WerFault.exe
                                                      File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                      Category:dropped
                                                      Size (bytes):65536
                                                      Entropy (8bit):0.6119799953962769
                                                      Encrypted:false
                                                      SSDEEP:96:XAuwIHos1hFcH7FhESZQXIDcQzc645cocE1cw345cYm/+HbHsZAX/d5FMT2SlPkG:wbIHoS620tM/smkjlzuiFnZ24IO8vw6
                                                      MD5:58D267BE10EFFC72693DA8285B8005E4
                                                      SHA1:EF8B1EA11063D9C227E024DD584A056E157B3BA7
                                                      SHA-256:1E56856746B8999ED0B35B4002B573EC0CBA551EDB610975585B1642CEAD400A
                                                      SHA-512:4C5AF6B8D4704B83BB230F903650C868053BA139822B019A2600C2725A618F11F225AF05CFE81B5E34CE312D813BB1FA4F84D76F8B3F57E9130028224B22F66F
                                                      Malicious:false
                                                      Preview:Version=1 EventType=BEX EventTime=133813645471030895 ReportType=2 Consent=1 ReportIdentifier=5ffd7061-9a76-4ae3-bd76-d9a0cfc44a15 IntegratorReportIdentifier=996606dd-7aae-48b7-9ba6-f4592491f4c2 Wow64Host=34404 Wow64Guest=332 NsAppName=tasksche.exe AppSessionGuid=00000458-0001-0015-1374-d033cd66db01 TargetAppId=W:00063af7504ce4cc7103ac630311c016c2e70000ffff!0000abe19d68404b538ca524638af77652992bc20d37!tasksche.exe TargetAppVer=2015//09//20:19:44:01!0!tasksche.exe BootId=4294967295
                                                      Process:C:\Windows\SysWOW64\WerFault.exe
                                                      File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                      Category:dropped
                                                      Size (bytes):65536
                                                      Entropy (8bit):0.6196003414111629
                                                      Encrypted:false
                                                      SSDEEP:192:SibIOFS620tM/smkjEzuiFnZ24IO8vw6:SiMMS6dtM/smkjEzuiFnY4IO8vw
                                                      MD5:6A3C791DC4FC8908D6005A70B4E7CC4E
                                                      SHA1:69B27B641823D0B730C3464A444C4FB7FF577BE4
                                                      SHA-256:314342F11F5E3460548535804953F2C3A5C6C38B4214A6F42B598B8DCE54A9B5
                                                      SHA-512:DCDE15BC41F3095E97069CB1D5967571D37BF8024953D11D1F8C7EF9BDAD00132D1BDDC4C87B8ED6EACE97B40B31A44745723136730A47E329D809FCC14170A9
                                                      Malicious:false
                                                      Preview:Version=1 EventType=BEX EventTime=133813645457020737 ReportType=2 Consent=1 ReportIdentifier=9a817744-2f0d-48f1-86aa-d9ec7610274b IntegratorReportIdentifier=5d8a054d-b99a-4cdd-9204-75df84993eca Wow64Host=34404 Wow64Guest=332 NsAppName=tasksche.exe AppSessionGuid=00000040-0001-0015-fd1a-5a33cd66db01 TargetAppId=W:00063af7504ce4cc7103ac630311c016c2e70000ffff!0000abe19d68404b538ca524638af77652992bc20d37!tasksche.exe TargetAppVer=2015//09//20:19:44:01!0!tasksche.exe BootId=4294967295
                                                      Process:C:\Windows\SysWOW64\WerFault.exe
                                                      File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                      Category:dropped
                                                      Size (bytes):8310
                                                      Entropy (8bit):3.6873684172116605
                                                      Encrypted:false
                                                      SSDEEP:192:R6l7wVeJil6y6YKb6STgmfXKvzpNz89bTr1fORm:R6lXJQ6y6YG6STgmfXKvcT5fJ
                                                      MD5:AE57ABB57B430E0BC8B64CDFB7B08997
                                                      SHA1:BF4CEFBF6E4EBD3B8F231F6A4819AEC49649AB63
                                                      SHA-256:597F367F5F27C516537B863398AA728721C24DBE16B03D0DD1CC8F417F464B57
                                                      SHA-512:C0325D1DAA20FEB2995A0377E19F1380E63F7A4562FC34B5E87F330AB632816E63258551F9BB9D0178CB3CA8FD79E8488BB8AE13663682FB2274D6B91ACDA00A
                                                      Malicious:false
                                                      Preview:<?xml version="1.0" encoding="UTF-16"?> <WERReportMetadata> <OSVersionInformation> <WindowsNTVersion>10.0</WindowsNTVersion> <Build>19045</Build> <Product>(0x30): Windows 10 Pro</Product> <Edition>Professional</Edition> <BuildString>19041.2006.amd64fre.vb_release.191206-1406</BuildString> <Revision>2006</Revision> <Flavor>Multiprocessor Free</Flavor> <Architecture>X64</Architecture> <LCID>2057</LCID> </OSVersionInformation> <ProcessInformation> <Pid>1112</Pi
                                                      Process:C:\Windows\SysWOW64\WerFault.exe
                                                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                      Category:dropped
                                                      Size (bytes):4666
                                                      Entropy (8bit):4.428928527397307
                                                      Encrypted:false
                                                      SSDEEP:48:cvIwWl8zsBJg77aI9yBCGHWpW8VYl7Ym8M4Jh2FEM+q8vgE06vnBNiLd:uIjfTI72C/7V8eJmKZ065NiLd
                                                      MD5:17C8C94F252066E91220465F788E270C
                                                      SHA1:3AC4F7BD0088701FBD981B3074FB8CD065942042
                                                      SHA-256:0484ABB248B18B8C1773D7533BB5AB04E1F186373FE2E48A4CAF4D74911CFA71
                                                      SHA-512:D74AB78628E6F095C00E0DE1D431CE311B89BC54FD6260F9CDE2EC6039488E857BBE897787A2854860D0BB5208FB5B45235C0E612D5714DE9326BDC727CCC2B8
                                                      Malicious:false
                                                      Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="676125" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
                                                      Process:C:\Windows\SysWOW64\WerFault.exe
                                                      File Type:Mini DuMP crash report, 14 streams, Tue Jan 14 21:42:27 2025, 0x1205a4 type
                                                      Category:dropped
                                                      Size (bytes):18704
                                                      Entropy (8bit):1.9311206422551612
                                                      Encrypted:false
                                                      SSDEEP:96:5t8U+q9HeSHh4i7nOg8nrKVkjS68LWx4WqB3jw71t/CEWIkWIDUIQepddxzxV:kLG6OEyzG1wwepddxF
                                                      MD5:152610AB36D86EBD0A6B596B16B61B8B
                                                      SHA1:769840B4E8AD7461B5DEE8F52CC70F38F6F4EAFB
                                                      SHA-256:321FB93DCAA84AE396077CC323456386778876C0A865F28F35A84B2B2EFDF184
                                                      SHA-512:E2081EA3782BF10D2996D8A61B997DCC791A683A1CEB28D82DEC8B5BE775B2B06A74DCC59EBAB4E84F837FC86B88781CCFF3775E09FEE1921A9B0BF0DC12096B
                                                      Malicious:false
                                                      Preview:MDMP..a..... .......C.g............4...............<.......d...............T.......8...........T...........p....?......................................................................................................eJ......L.......GenuineIntel............T.......@...A.g.............................0..............,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6...................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                      Process:C:\Windows\System32\svchost.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):79594
                                                      Entropy (8bit):3.044929998140619
                                                      Encrypted:false
                                                      SSDEEP:1536:jKjSYpBmJAd4FpnCQ2a7bQvDD+aoBbMjemzXudUNZ:jKjSYpBmJAd4FpnCQ2a7bQvDyaoBbMjX
                                                      MD5:2C901E2B53F54C03F70A06C961C0153D
                                                      SHA1:CD30A197DF4F0A7FD62F988F1C199BB8289613EC
                                                      SHA-256:37CE86BD8FFF5938EDF933023352EBCB8DA6F04EA0A099931EB57970CF62CAD7
                                                      SHA-512:EB6DCF4E76007038198B43451E9114068C04501C50245BB7AAEE4D4041428F26C7668C857E1CB201A4AADE17508486FA1877D0DF576AD7AAE37F66DAFC7A6F0E
                                                      Malicious:false
                                                      Preview:ImageName,UniqueProcessId,NumberOfThreads,WorkingSetPrivateSize,HardFaultCount,NumberOfThreadsHighWatermark,CycleTime,CreateTime,UserTime,KernelTime,BasePriority,PeakVirtualSize,VirtualSize,PageFaultCount,WorkingSetSize,PeakWorkingSetSize,QuotaPeakPagedPoolUsage,QuotaPagedPoolUsage,QuotaPeakNonPagedPoolUsage,QuotaNonPagedPoolUsage,PagefileUsage,PeakPagefileUsage,PrivatePageCount,ReadOperationCount,WriteOperationCount,OtherOperationCount,ReadTransferCount,WriteTransferCount,OtherTransferCount,Han
                                                      Process:C:\Windows\SysWOW64\WerFault.exe
                                                      File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                      Category:dropped
                                                      Size (bytes):6314
                                                      Entropy (8bit):3.7108261567412013
                                                      Encrypted:false
                                                      SSDEEP:96:RSIU6o7wVetbWcA6/mfSYXK7QE/fzLb5aM4Us89bFZnsfOPZm:R6l7wVeJWcA6eaYXK7Rprs89bTnsfORm
                                                      MD5:517AF1792E52DBD6192B72F56F986F20
                                                      SHA1:77D38AFA29DB3FF817ADA87F501D961D154A3D8A
                                                      SHA-256:E91C9E9829945957D16041D11C98B27FD2B77AE7043243241653C3AD504AF586
                                                      SHA-512:AE904B7B68D901475EDA894EC13DF3EFAB337C4A1D605AABDB661AE4F724DD5CD4C240AF30FEA0EE6EE17C07150A7E804C726C1433608D6139D17978C8FC7F78
                                                      Malicious:false
                                                      Preview:<?xml version="1.0" encoding="UTF-16"?> <WERReportMetadata> <OSVersionInformation> <WindowsNTVersion>10.0</WindowsNTVersion> <Build>19045</Build> <Product>(0x30): Windows 10 Pro</Product> <Edition>Professional</Edition> <BuildString>19041.2006.amd64fre.vb_release.191206-1406</BuildString> <Revision>2006</Revision> <Flavor>Multiprocessor Free</Flavor> <Architecture>X64</Architecture> <LCID>2057</LCID> </OSVersionInformation> <ProcessInformation> <Pid>64</Pid>
                                                      Process:C:\Windows\System32\svchost.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):13340
                                                      Entropy (8bit):2.6848828684578003
                                                      Encrypted:false
                                                      SSDEEP:96:TiZYW9P7ktZLfYnYkrWIdZHFYEZvAtCiDHL/KwLERhearembMrZUIPe3:2ZDywLdxi44arembMrZDPe3
                                                      MD5:B4A32748E8C1AA854070249AE994B6EC
                                                      SHA1:9519F104841CAB5126891660CC0B4A63F4DDC9D7
                                                      SHA-256:AFC0190EAB8602F74A307284586A36497BC7770BA38648A518DF29FEE34D01BD
                                                      SHA-512:B2FB92448DB46FAB5929010C61B0E5E0443610A8F8D65F42A6A82CD30F8657E2A8BBC82D9EB355CCFA403198144FC1409FA1A8051DCB7B8D5B6D8810652DF9E9
                                                      Malicious:false
                                                      Preview:B...T.i.m.e.r.R.e.s.o.l.u.t.i.o.n. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.5.6.2.5.0.....B...P.a.g.e.S.i.z.e. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4.0.9.6.....B...N.u.m.b.e.r.O.f.P.h.y.s.i.c.a.l.P.a.g.e.s. . . . . . . . . . . . . . . . . . . . . . . . . . .1.0.4.8.3.3.3.....B...L.o.w.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2.....B...H.i.g.h.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . .1.3.1.0.7.1.9.....B...A.l.l.o.c.a.t.i.o.n.G.r.a.n.u.l.a.r.i.t.y. . . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.i.n.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.a.x.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . .1.4.0.7.3.7.4.8.8.2.8.9.7.9.1.....B...A.c.t.i.v.e.P.r.o.c.e.s.s.o.r.s.A.f.f.i.n.i.t.y.M.a.s.k. . . . . . .
                                                      Process:C:\Windows\SysWOW64\WerFault.exe
                                                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                      Category:dropped
                                                      Size (bytes):4666
                                                      Entropy (8bit):4.426803810641066
                                                      Encrypted:false
                                                      SSDEEP:48:cvIwWl8zsBJg77aI9yBCGHWpW8VYwYm8M4JhIFLP+q8vg/6vnBNind:uIjfTI72C/7VwJgK265Nind
                                                      MD5:D19A4DA9249D96F99605EE7DE7B5E433
                                                      SHA1:BBC0C891367A0920EF2453D6EB68B59E9F2F3EA4
                                                      SHA-256:2D6935D18B5D19BC5FF4ECAFB41569994549239AEEF9C2FD6017155F62EF44B9
                                                      SHA-512:185F670ECA060F97E0C44D54C042ED21E9051A2698D8EB57EC321ECC173D73AF64710CCB0CADE586FBE9CDAC016C72A8587FB4395C4ED93828AAA97CA0881F7B
                                                      Malicious:false
                                                      Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="676125" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
                                                      Process:C:\Windows\System32\svchost.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):79622
                                                      Entropy (8bit):3.0448310445544875
                                                      Encrypted:false
                                                      SSDEEP:1536:9X/iYpBmJAA4FpnCQ2alNQvDD+aoBbMjemzXudUNX:9X/iYpBmJAA4FpnCQ2alNQvDyaoBbMjZ
                                                      MD5:D0F12D47646161360A8D15082ECBB8DE
                                                      SHA1:C1D25D58D4727046C90B61A2556DD5EEE2F46C83
                                                      SHA-256:246CB8B2405F8400AB5654200C127455096894A002301233F36352B7947307F8
                                                      SHA-512:8FC6F492EF2915087F4397E77318C4EEE4D6E66584BF1F98488966F7412C1457FAD19C09EBF903B17151321160738FDA7D92C9999BD032CABB1EE62074C28885
                                                      Malicious:false
                                                      Preview:ImageName,UniqueProcessId,NumberOfThreads,WorkingSetPrivateSize,HardFaultCount,NumberOfThreadsHighWatermark,CycleTime,CreateTime,UserTime,KernelTime,BasePriority,PeakVirtualSize,VirtualSize,PageFaultCount,WorkingSetSize,PeakWorkingSetSize,QuotaPeakPagedPoolUsage,QuotaPagedPoolUsage,QuotaPeakNonPagedPoolUsage,QuotaNonPagedPoolUsage,PagefileUsage,PeakPagefileUsage,PrivatePageCount,ReadOperationCount,WriteOperationCount,OtherOperationCount,ReadTransferCount,WriteTransferCount,OtherTransferCount,Han
                                                      Process:C:\Windows\System32\svchost.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):13340
                                                      Entropy (8bit):2.685096634559804
                                                      Encrypted:false
                                                      SSDEEP:96:TiZYWiP7EiiYNYUWSBHFYEZEVtCilHB/KwYiNKaaerMNZaIee3:2ZDr6PuKTaaerMNZNee3
                                                      MD5:588B468A4A9491230EC9DED23C8DD679
                                                      SHA1:2FE5C0594CC41AFE93E9D1D27471FC1DFE8C0545
                                                      SHA-256:8524C09E905D81D2343EDA46B06FD69E47F700BDFE59EBFDBADEBB60E59F9B2A
                                                      SHA-512:0C32E68468C09CA921FD777CD19292405D71DC98E82482BFB6DACBC1CC0EC3947235D60016BDD8AB03BB9A4A849ECD43A2B290AFF4E2127E6869CC03185CD66A
                                                      Malicious:false
                                                      Process:C:\Windows\SysWOW64\WerFault.exe
                                                      File Type:Mini DuMP crash report, 14 streams, Tue Jan 14 21:42:27 2025, 0x1205a4 type
                                                      Category:dropped
                                                      Size (bytes):18236
                                                      Entropy (8bit):1.9300015863547795
                                                      Encrypted:false
                                                      SSDEEP:96:5t8i30KGpy/iy0Ci7DO++prKVkjS68LWx4WqjjM77FBC/WIPhWIqzI7s2Xx0Yt:kiXMy0COMOjC7yVZ1B7
                                                      MD5:9199EA2AADC158DB3A648CD2B7F96473
                                                      SHA1:B12FADB63180327DF30E88780ECCA7A2426BD47A
                                                      SHA-256:0F0B0F06B21FA3B3D980E83F99BF3699F04C3BB7190DB260C03E2EB42A24E028
                                                      SHA-512:B5C776754CD3B3430441EDEA6DC19B2380AD025A7BBED682A2F24464BAB7069CA2BE023AC2E6B5AD459CC65B1030620034615CF6F153D647C00CA4E8D232F11E
                                                      Malicious:false
                                                      Process:C:\Windows\SysWOW64\WerFault.exe
                                                      File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                      Category:dropped
                                                      Size (bytes):6324
                                                      Entropy (8bit):3.706664078278949
                                                      Encrypted:false
                                                      SSDEEP:192:R6l7wVeJic6EvYXK7Rprp89bEzsf8pvMm:R6lXJJ6EvYXK76EYf8/
                                                      MD5:AD8EA65063F79AD9033A5CEE1A92DC9B
                                                      SHA1:3ED1A838C74B694109242EF7607B81020EB5E9AC
                                                      SHA-256:66E98BFF572B260E07DC4F10B23873CDFC226962B4B1EA2C84B2D1F5B33161E5
                                                      SHA-512:B8D199BA9FF4C709F94F19C2C7741BDCC1FC24352A8635E003835AFAFAE92D23D6E39E5D226ECAEAD8DEACDB918484B64D80A5004E27D91BFDF9D81F452D3B45
                                                      Malicious:false
                                                      Preview:<?xml version="1.0" encoding="UTF-16"?>..<WERReportMetadata>.. <OSVersionInformation>.. <WindowsNTVersion>10.0</WindowsNTVersion>.. <Build>19045</Build>.. <Product>(0x30): Windows 10 Pro</Product>.. <Edition>Professional</Edition>.. <BuildString>19041.2006.amd64fre.vb_release.191206-1406</BuildString>.. <Revision>2006</Revision>.. <Flavor>Multiprocessor Free</Flavor>.. <Architecture>X64</Architecture>.. <LCID>2057</LCID>.. </OSVersionInformation>.. <ProcessInformation>.. <Pid>1112</Pi
                                                      Process:C:\Windows\SysWOW64\WerFault.exe
                                                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                      Category:dropped
                                                      Size (bytes):4666
                                                      Entropy (8bit):4.425387389342143
                                                      Encrypted:false
                                                      SSDEEP:48:cvIwWl8zsBJg77aI9yBCGHWpW8VYsYm8M4JhIF6o+q8vgy06vnBNiKd:uIjfTI72C/7VEJdoKb065NiKd
                                                      MD5:EED577879EFDCDBBE776B83D564A2AB0
                                                      SHA1:915101DD10C2C285914E1C0DAF30F2ECBD3DB8A7
                                                      SHA-256:BF3EBBB868B0120641894F2309F5D0515CE45AEC02417D54939C1FFA6B74A7D9
                                                      SHA-512:22CB1D4F828ADCB50F0FFBE8D21C5CE35829ECBA4E86BA2D67F3FA83D724ED6C3694057C97068B14537E30235527F4E59E9128F20BA1EE48563F939FA67AF39B
                                                      Malicious:false
                                                      Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="676125" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
                                                      Process:C:\Windows\System32\svchost.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):79628
                                                      Entropy (8bit):3.0447638106503727
                                                      Encrypted:false
                                                      SSDEEP:1536:J9IPYpBm/AX4FpnCQ2aM1Qv5D+aoBbMjemzXudUNbGJB:J9IPYpBm/AX4FpnCQ2aM1Qv5yaoBbMjS
                                                      MD5:8EC502051605830CA566C604D0CA04A6
                                                      SHA1:71F395F2F7FECC54BE565820E0CE5AB202F92B4B
                                                      SHA-256:0EAA1F9ECC8DFC691288D18FB4FBECF17E93FF5A012381F86BCC38D5C29EF958
                                                      SHA-512:66AE6D1D48C0E75DBA53499E8E6E4A422550F4529290CA99B12CD41DB6F12764DC51F86163F756841A104AC8DB23A18F8F93D99643C8086F308C539390A69DF7
                                                      Malicious:false
                                                      Preview:ImageName,UniqueProcessId,NumberOfThreads,WorkingSetPrivateSize,HardFaultCount,NumberOfThreadsHighWatermark,CycleTime,CreateTime,UserTime,KernelTime,BasePriority,PeakVirtualSize,VirtualSize,PageFaultCount,WorkingSetSize,PeakWorkingSetSize,QuotaPeakPagedPoolUsage,QuotaPagedPoolUsage,QuotaPeakNonPagedPoolUsage,QuotaNonPagedPoolUsage,PagefileUsage,PeakPagefileUsage,PrivatePageCount,ReadOperationCount,WriteOperationCount,OtherOperationCount,ReadTransferCount,WriteTransferCount,OtherTransferCount,Han
                                                      Process:C:\Windows\System32\svchost.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):13340
                                                      Entropy (8bit):2.6854579069734377
                                                      Encrypted:false
                                                      SSDEEP:96:TiZYWEXc8uYFY6WtHFYEZrctCitHQK/KwzaXaeeOJMYZZ4I7e3:2ZD/SwAsaeeOJMYZx7e3
                                                      MD5:E82F820C26E30ACDCE96F549B92FC348
                                                      SHA1:D432C4C301B6B2C079324CE95FAFFBFF0F832D88
                                                      SHA-256:038FBE47147BE696B1DAABEBA5A6630D4223E951F3220971C40D8B35569C1821
                                                      SHA-512:F794E2839DE5A1EA603680B4EDCE9C4FD92EB8B4A7AC11090D265E5A0BA380E764100D48F8DC69C1D9D70F5179E74D8C101004DB845D4EC6AA50CA188A02F394
                                                      Malicious:false
                                                      Process:C:\Windows\SysWOW64\WerFault.exe
                                                      File Type:Mini DuMP crash report, 14 streams, Tue Jan 14 21:42:25 2025, 0x1205a4 type
                                                      Category:dropped
                                                      Size (bytes):17980
                                                      Entropy (8bit):1.8543943898518858
                                                      Encrypted:false
                                                      SSDEEP:96:5GS8tZq9HeSuXqTEi7nOg2xJrKVkjS68LWx4WqqLXTj1tbEWIkWIoUIZ7V:u3FlOGLLXTj1Nw7V
                                                      MD5:BD159045280B9E352E531DE21EDE91EA
                                                      SHA1:C27DB93545B99BE32E497C133D699C4FCFF6770F
                                                      SHA-256:CDCB4A5C5317A543113F4A90513CD945B43B57AD4A8442B57940F8929641F79F
                                                      SHA-512:B0808EA8B001FB7D2FB3AB32D6D0549C9BB88F33E0DB5DC939E418B33A8EAA2D9A6FBF897917770ECADFD3554ADB2A6792F7DA70B353A485A7C2E8035D55B70D
                                                      Malicious:false
                                                      Process:C:\Windows\SysWOW64\WerFault.exe
                                                      File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                      Category:dropped
                                                      Size (bytes):6312
                                                      Entropy (8bit):3.7087720565083395
                                                      Encrypted:false
                                                      SSDEEP:192:R6l7wVeJbU6ezSYYXKvzpNB89bhn1fkCrm:R6lXJI6ezSYYXKvGh1fkX
                                                      MD5:60545E0D0CCA2E257BC1A5BFE88A1276
                                                      SHA1:6C91F9E606DBC5E0010D5BF7E47707020168251B
                                                      SHA-256:44EED59BF573222A4ECA94831669A828C99FDB7BBCA39281B06E9B8B85C8F42A
                                                      SHA-512:34C3164F3F6D750610FB48C02CBA471A8B1F47ADB7966AD96D9212693CDBCEE7BEBC547EA9B1192EBFBF642822BBB5781D021F5BA5AEFD41701AF0CEA7C21E3B
                                                      Malicious:false
                                                      Preview:<?xml version="1.0" encoding="UTF-16"?>..<WERReportMetadata>.. <OSVersionInformation>.. <WindowsNTVersion>10.0</WindowsNTVersion>.. <Build>19045</Build>.. <Product>(0x30): Windows 10 Pro</Product>.. <Edition>Professional</Edition>.. <BuildString>19041.2006.amd64fre.vb_release.191206-1406</BuildString>.. <Revision>2006</Revision>.. <Flavor>Multiprocessor Free</Flavor>.. <Architecture>X64</Architecture>.. <LCID>2057</LCID>.. </OSVersionInformation>.. <ProcessInformation>.. <Pid>64</Pid>
                                                      Process:C:\Windows\SysWOW64\WerFault.exe
                                                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                      Category:dropped
                                                      Size (bytes):4666
                                                      Entropy (8bit):4.426958020463009
                                                      Encrypted:false
                                                      SSDEEP:48:cvIwWl8zsBJg77aI9yBCGHWpW8VY1Ym8M4Jh2FR5x+q8vg16vnBNiWd:uIjfTI72C/7VFJW5xKo65NiWd
                                                      MD5:B83245F91DD86DADBBB32431C7A0ECCB
                                                      SHA1:71DA282460E34654E9D35571BEE1FB5EE58E5EFA
                                                      SHA-256:05B4EEDC8FF39A001DCC92506F353450150B3B44635F7FB735B8316621377464
                                                      SHA-512:B0BC097FA6C6D3132D9097FEA670EA4A76838882D4A4224FBEC690FFC38845DC3ED6E14BCD97337A10B81B17660888EA32D92E7DB5076D47F400E1069FDFE011
                                                      Malicious:false
                                                      Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="676125" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
                                                      Process:C:\Windows\System32\svchost.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):79296
                                                      Entropy (8bit):3.0451871142717475
                                                      Encrypted:false
                                                      SSDEEP:1536:WlX6wYpa9HPh4rnCQ2aLDQvDDuoBbMjemzXudUNxp:WlX6wYpa9HPh4rnCQ2aLDQvDCoBbMjeW
                                                      MD5:F09A29BCBF76CE8C250E9A2542F00C68
                                                      SHA1:8A3287C930C783C49D55F25814FA2C33AE92AF60
                                                      SHA-256:A50A106EED68212066549B7BADA7762E5DF93148C1DCB0D893C9EA095DD61442
                                                      SHA-512:D3D4A6B6212EB492FD13E38E94DDE5CE1AFD381D74BF928EA48A85EDC66B2653E494ED56D8B4DA301D6E065D6032B1883E3329113241AF0F662BEFA0972E08F3
                                                      Malicious:false
                                                      Preview:ImageName,UniqueProcessId,NumberOfThreads,WorkingSetPrivateSize,HardFaultCount,NumberOfThreadsHighWatermark,CycleTime,CreateTime,UserTime,KernelTime,BasePriority,PeakVirtualSize,VirtualSize,PageFaultCount,WorkingSetSize,PeakWorkingSetSize,QuotaPeakPagedPoolUsage,QuotaPagedPoolUsage,QuotaPeakNonPagedPoolUsage,QuotaNonPagedPoolUsage,PagefileUsage,PeakPagefileUsage,PrivatePageCount,ReadOperationCount,WriteOperationCount,OtherOperationCount,ReadTransferCount,WriteTransferCount,OtherTransferCount,Han
                                                      Process:C:\Windows\System32\svchost.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):13340
                                                      Entropy (8bit):2.6845017199962435
                                                      Encrypted:false
                                                      SSDEEP:96:TiZYWBte+N6YhdOY+WkevHFYEZ79tCiPHP/dwNrMajevB92MTZmIRe3:2ZDskOaS4ajeT2MTZhRe3
                                                      MD5:74BC8A1ED5442A3544CDBAAAF1A4F678
                                                      SHA1:E070408FCA3552AF977A588C78C689733EE7B915
                                                      SHA-256:41EEFBF57214C9ABFF987F25AD2D206C085C0E57D31AE0128A289DCFE5CA91C5
                                                      SHA-512:16A7F8BE2AAEF77CFFA74064EBDA08E15698F9CEFA7C4FAED357E7628CEC1FC23024D622C49083FA0D7FC0B6F93A2BA67674CC4BCEE2E0DBCC81FDDC5F1FFFB4
                                                      Malicious:false
                                                      Process:C:\Windows\SysWOW64\WerFault.exe
                                                      File Type:Mini DuMP crash report, 14 streams, Tue Jan 14 21:42:27 2025, 0x1205a4 type
                                                      Category:dropped
                                                      Size (bytes):17512
                                                      Entropy (8bit):1.8545484237914842
                                                      Encrypted:false
                                                      SSDEEP:96:5t8i+0JGpy/sJi7DO+2rLrKVkjS68LWx4WqqGXTj7Ft/WIPfzWIUzIZtU:ki74OOZGXTj7zVHS
                                                      MD5:48C61D2E0209B54B0AF217580A37F744
                                                      SHA1:2AFE7FED42C66BE233ADB7EC401E7340DAEA2220
                                                      SHA-256:F664AE851043C099FE6464B8631954DBB7C80E7CBF05DF4C38A3338E2132F8B5
                                                      SHA-512:E42D87617693C4E8655C7E988367425AD3E6447053F1FDF61DF88D33F912C19F8945F294FDCD706AC377FBFB35A80B0008E3834505F515D0DD0FDDF4B49958E2
                                                      Malicious:false
                                                      Process:C:\Windows\mssecsvr.exe
                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                      Category:dropped
                                                      Size (bytes):2061938
                                                      Entropy (8bit):0.06778108869092206
                                                      Encrypted:false
                                                      SSDEEP:384:Em7TZFtNeEOv2pp6awCQlNilK7sPecqORdIE2qmiFFC+3:13Dvev2pAawCQlsKpzjg
                                                      MD5:E2105F086EAB75BD8CDD2B6975E9CE80
                                                      SHA1:ABE19D68404B538CA524638AF77652992BC20D37
                                                      SHA-256:8C00CFB2696856F4C7E917DBF8B496D40B63D3F498EC51811730BE2E34D91C7F
                                                      SHA-512:AA1098141E5B47B0639E1863E253BBBDEE31FBD2B2624990D89F447161C6EE69BFCE9BAEEFCE8CCF0A474CFC67C57343847145AE87E1FA01721134814F36A7DB
                                                      Malicious:true
                                                      Antivirus:
                                                      • Antivirus: ReversingLabs, Detection: 38%
                                                      Process:C:\Windows\System32\svchost.exe
                                                      File Type:JSON data
                                                      Category:dropped
                                                      Size (bytes):55
                                                      Entropy (8bit):4.306461250274409
                                                      Encrypted:false
                                                      SSDEEP:3:YDQRWu83XfAw2fHbY:YMRl83Xt2f7Y
                                                      MD5:DCA83F08D448911A14C22EBCACC5AD57
                                                      SHA1:91270525521B7FE0D986DB19747F47D34B6318AD
                                                      SHA-256:2B4B2D4A06044AD0BD2AE3287CFCBECD90B959FEB2F503AC258D7C0A235D6FE9
                                                      SHA-512:96F3A02DC4AE302A30A376FC7082002065C7A35ECB74573DE66254EFD701E8FD9E9D867A2C8ABEB4C482738291B715D4965A0D2412663FDF1EE6CBC0BA9FBACA
                                                      Malicious:false
                                                      Preview:{"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}
                                                      Process:C:\Windows\SysWOW64\WerFault.exe
                                                      File Type:MS Windows registry file, NT/2000 or above
                                                      Category:dropped
                                                      Size (bytes):1835008
                                                      Entropy (8bit):4.468503890387406
                                                      Encrypted:false
                                                      SSDEEP:6144:wzZfpi6ceLPx9skLmb0fyZWSP3aJG8nAgeiJRMMhA2zX4WABluuNPjDH5S:mZHtyZWOKnMM6bFplj4
                                                      MD5:63AB6782CEE0F1F4F683C39FD64FA9DF
                                                      SHA1:640C38DE13D2A8E0375F73E1756C17697F22077D
                                                      SHA-256:45962F0E77C283B5C9E2E011C7148126CA6E0CFBEF7D31D5466DA9F0420B1A24
                                                      SHA-512:F415F3F6E512CB287249AB6A847999C322F6C47ABD016D482C2B781B025CAA582627046F2B8DE38CFE584FBA8C8AC7A7E7E99EB9E4EC35CDEBD09D6C575B92B2
                                                      Malicious:false
                                                      Process:C:\Windows\mssecsvr.exe
                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                      Category:dropped
                                                      Size (bytes):2061938
                                                      Entropy (8bit):0.06778108869092206
                                                      Encrypted:false
                                                      SSDEEP:384:Em7TZFtNeEOv2pp6awCQlNilK7sPecqORdIE2qmiFFC+3:13Dvev2pAawCQlsKpzjg
                                                      MD5:E2105F086EAB75BD8CDD2B6975E9CE80
                                                      SHA1:ABE19D68404B538CA524638AF77652992BC20D37
                                                      SHA-256:8C00CFB2696856F4C7E917DBF8B496D40B63D3F498EC51811730BE2E34D91C7F
                                                      SHA-512:AA1098141E5B47B0639E1863E253BBBDEE31FBD2B2624990D89F447161C6EE69BFCE9BAEEFCE8CCF0A474CFC67C57343847145AE87E1FA01721134814F36A7DB
                                                      Malicious:true
                                                      Antivirus:
                                                      • Antivirus: ReversingLabs, Detection: 38%
                                                      File type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                      Entropy (8bit):0.41748207874490023
                                                      TrID:
                                                      • Win32 Dynamic Link Library (generic) (1002004/3) 99.60%
                                                      • Generic Win/DOS Executable (2004/3) 0.20%
                                                      • DOS Executable Generic (2002/1) 0.20%
                                                      • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                      File name:19MgUpI9tj.dll
                                                      File size:5'267'459 bytes
                                                      MD5:3dd20421f9a536cfdd3a8b5cf7e5d5fc
                                                      SHA1:9ad38539be5836e2ec27621c32a66670293d52ff
                                                      SHA256:eb0482a9de2f68aa565c0b30d51b75189f8d2fa881b0b5be47383825b6e8269f
                                                      SHA512:68662b14f282597a4ea6960734f82c9e9596c0b486766ffaec528df8d9e48ba009f8406b5254b09fad42cecbdcd54620fbf8f9c504575d9587acc47dc68c2b19
                                                      SSDEEP:6144:TE9l9ynRIYVTH5DgSgNajldktM0XXrCI:T1bLgmluC
                                                      TLSH:A636CF0A6A9CC0F4C449A23198B74E29E6B7BC1E1638C64F1B64DF661F63391B578F13
                                                      File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......}.r_9...9...9.......=...9...6.....A.:.......8.......8.......:...Rich9...........................PE..L...QW.Y...........!.......
                                                      Icon Hash:7ae282899bbab082
                                                      Entrypoint:0x100011e9
                                                      Entrypoint Section:.text
                                                      Digitally signed:false
                                                      Imagebase:0x10000000
                                                      Subsystem:windows gui
                                                      Image File Characteristics:EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, DLL
                                                      DLL Characteristics:
                                                      Time Stamp:0x59145751 [Thu May 11 12:21:37 2017 UTC]
                                                      TLS Callbacks:
                                                      CLR (.Net) Version:
                                                      OS Version Major:4
                                                      OS Version Minor:0
                                                      File Version Major:4
                                                      File Version Minor:0
                                                      Subsystem Version Major:4
                                                      Subsystem Version Minor:0
                                                      Import Hash:2e5708ae5fed0403e8117c645fb23e5b
                                                      Instruction
                                                      push ebp
                                                      mov ebp, esp
                                                      push ebx
                                                      mov ebx, dword ptr [ebp+08h]
                                                      push esi
                                                      mov esi, dword ptr [ebp+0Ch]
                                                      push edi
                                                      mov edi, dword ptr [ebp+10h]
                                                      test esi, esi
                                                      jne 00007FA8608923FBh
                                                      cmp dword ptr [10003140h], 00000000h
                                                      jmp 00007FA860892418h
                                                      cmp esi, 01h
                                                      je 00007FA8608923F7h
                                                      cmp esi, 02h
                                                      jne 00007FA860892414h
                                                      mov eax, dword ptr [10003150h]
                                                      test eax, eax
                                                      je 00007FA8608923FBh
                                                      push edi
                                                      push esi
                                                      push ebx
                                                      call eax
                                                      test eax, eax
                                                      je 00007FA8608923FEh
                                                      push edi
                                                      push esi
                                                      push ebx
                                                      call 00007FA86089230Ah
                                                      test eax, eax
                                                      jne 00007FA8608923F6h
                                                      xor eax, eax
                                                      jmp 00007FA860892440h
                                                      push edi
                                                      push esi
                                                      push ebx
                                                      call 00007FA8608921BCh
                                                      cmp esi, 01h
                                                      mov dword ptr [ebp+0Ch], eax
                                                      jne 00007FA8608923FEh
                                                      test eax, eax
                                                      jne 00007FA860892429h
                                                      push edi
                                                      push eax
                                                      push ebx
                                                      call 00007FA8608922E6h
                                                      test esi, esi
                                                      je 00007FA8608923F7h
                                                      cmp esi, 03h
                                                      jne 00007FA860892418h
                                                      push edi
                                                      push esi
                                                      push ebx
                                                      call 00007FA8608922D5h
                                                      test eax, eax
                                                      jne 00007FA8608923F5h
                                                      and dword ptr [ebp+0Ch], eax
                                                      cmp dword ptr [ebp+0Ch], 00000000h
                                                      je 00007FA860892403h
                                                      mov eax, dword ptr [10003150h]
                                                      test eax, eax
                                                      je 00007FA8608923FAh
                                                      push edi
                                                      push esi
                                                      push ebx
                                                      call eax
                                                      mov dword ptr [ebp+0Ch], eax
                                                      mov eax, dword ptr [ebp+0Ch]
                                                      pop edi
                                                      pop esi
                                                      pop ebx
                                                      pop ebp
                                                      retn 000Ch
                                                      jmp dword ptr [10002028h]
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      Programming Language:
                                                      • [ C ] VS98 (6.0) build 8168
                                                      • [C++] VS98 (6.0) build 8168
                                                      • [RES] VS98 (6.0) cvtres build 1720
                                                      • [LNK] VS98 (6.0) imp/exp build 8168
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x2190 | 0x48 | .rdata
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x203c | 0x3c | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x4000 | 0x500060 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x505000 | 0x5c | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x3c | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x28c | 0x1000 | 8de9a2cb31e4c74bd008b871d14bfafc | False | 0.13037109375 | data | 1.4429971244731552 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x2000 | 0x1d8 | 0x1000 | 3dd394f95ab218593f2bc8eb65184db4 | False | 0.072509765625 | data | 0.7346018133622799 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x3000 | 0x154 | 0x1000 | 9b27c3f254416f775f5a51102ef8fb84 | False | 0.016845703125 | Matlab v4 mat-file (little endian) C:\%s\%s, numeric, rows 0, columns 0 | 0.085726967663312 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x4000 | 0x500060 | 0x501000 | 473115fc663b69367826f7671aff3f36 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x505000 | 0x2ac | 0x1000 | 620f0b67a91f7f74151bc5be745b7110 | False | 0.00634765625 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
W | 0x4060 | 0x500000 | data | English | United States | 0.11054039001464844
DLL | Import
KERNEL32.dll | CloseHandle, WriteFile, CreateFileA, SizeofResource, LockResource, LoadResource, FindResourceA, CreateProcessA
MSVCRT.dll | free, _initterm, malloc, _adjust_fdiv, sprintf
Name | Ordinal | Address
PlayGame | 1 | 0x10001114
Language of compilation system | Country where language is spoken | Map
English | United States |
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2025-01-14T22:42:15.168227+0100 | 2803304 | ETPRO MALWARE Common Downloader Header Pattern HCa | 3 | 192.168.2.6 | 50671 | 103.224.212.215 | 80 | TCP
2025-01-14T22:42:22.947625+0100 | 2830018 | ETPRO MALWARE Observed WannaCry Domain (iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff .com in DNS Lookup) | 1 | 192.168.2.6 | 65461 | 1.1.1.1 | 53 | UDP
2025-01-14T22:42:23.865047+0100 | 2803304 | ETPRO MALWARE Common Downloader Header Pattern HCa | 3 | 192.168.2.6 | 49751 | 103.224.212.215 | 80 | TCP
2025-01-14T22:42:25.659751+0100 | 2803304 | ETPRO MALWARE Common Downloader Header Pattern HCa | 3 | 192.168.2.6 | 49763 | 103.224.212.215 | 80 | TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                      Jan 14, 2025 22:42:30.514487982 CET49849445192.168.2.6198.205.43.1
                                                      Jan 14, 2025 22:42:30.514544010 CET49849445192.168.2.6198.205.43.1
                                                      Jan 14, 2025 22:42:30.519408941 CET44549849198.205.43.1192.168.2.6
                                                      Jan 14, 2025 22:42:32.258533001 CET49873445192.168.2.677.226.237.97
                                                      Jan 14, 2025 22:42:32.263459921 CET4454987377.226.237.97192.168.2.6
                                                      Jan 14, 2025 22:42:32.263547897 CET49873445192.168.2.677.226.237.97
                                                      Jan 14, 2025 22:42:32.263633013 CET49873445192.168.2.677.226.237.97
                                                      Jan 14, 2025 22:42:32.263923883 CET49874445192.168.2.677.226.237.1
                                                      Jan 14, 2025 22:42:32.268500090 CET4454987377.226.237.97192.168.2.6
                                                      Jan 14, 2025 22:42:32.268570900 CET49873445192.168.2.677.226.237.97
                                                      Jan 14, 2025 22:42:32.269134998 CET4454987477.226.237.1192.168.2.6
                                                      Jan 14, 2025 22:42:32.269412041 CET49874445192.168.2.677.226.237.1
                                                      Jan 14, 2025 22:42:32.269412041 CET49874445192.168.2.677.226.237.1
                                                      Jan 14, 2025 22:42:32.270505905 CET49875445192.168.2.677.226.237.1
                                                      Jan 14, 2025 22:42:32.274876118 CET4454987477.226.237.1192.168.2.6
                                                      Jan 14, 2025 22:42:32.274935007 CET49874445192.168.2.677.226.237.1
                                                      Jan 14, 2025 22:42:32.275341034 CET4454987577.226.237.1192.168.2.6
                                                      Jan 14, 2025 22:42:32.275402069 CET49875445192.168.2.677.226.237.1
                                                      Jan 14, 2025 22:42:32.275463104 CET49875445192.168.2.677.226.237.1
                                                      Jan 14, 2025 22:42:32.280272961 CET4454987577.226.237.1192.168.2.6
                                                      Jan 14, 2025 22:42:34.274818897 CET49910445192.168.2.6107.175.251.189
                                                      Jan 14, 2025 22:42:34.279774904 CET44549910107.175.251.189192.168.2.6
                                                      Jan 14, 2025 22:42:34.279923916 CET49910445192.168.2.6107.175.251.189
                                                      Jan 14, 2025 22:42:34.279956102 CET49910445192.168.2.6107.175.251.189
                                                      Jan 14, 2025 22:42:34.280170918 CET49911445192.168.2.6107.175.251.1
                                                      Jan 14, 2025 22:42:34.284884930 CET44549910107.175.251.189192.168.2.6
                                                      Jan 14, 2025 22:42:34.284998894 CET44549911107.175.251.1192.168.2.6
                                                      Jan 14, 2025 22:42:34.285022020 CET49910445192.168.2.6107.175.251.189
                                                      Jan 14, 2025 22:42:34.285092115 CET49911445192.168.2.6107.175.251.1
                                                      Jan 14, 2025 22:42:34.285195112 CET49911445192.168.2.6107.175.251.1
                                                      Jan 14, 2025 22:42:34.286701918 CET49912445192.168.2.6107.175.251.1
                                                      Jan 14, 2025 22:42:34.290112019 CET44549911107.175.251.1192.168.2.6
                                                      Jan 14, 2025 22:42:34.290195942 CET49911445192.168.2.6107.175.251.1
                                                      Jan 14, 2025 22:42:34.291554928 CET44549912107.175.251.1192.168.2.6
                                                      Jan 14, 2025 22:42:34.291723013 CET49912445192.168.2.6107.175.251.1
                                                      Jan 14, 2025 22:42:34.291723013 CET49912445192.168.2.6107.175.251.1
                                                      Jan 14, 2025 22:42:34.296538115 CET44549912107.175.251.1192.168.2.6
                                                      Jan 14, 2025 22:42:36.289863110 CET49944445192.168.2.637.134.68.167
                                                      Jan 14, 2025 22:42:36.294717073 CET4454994437.134.68.167192.168.2.6
                                                      Jan 14, 2025 22:42:36.294784069 CET49944445192.168.2.637.134.68.167
                                                      Jan 14, 2025 22:42:36.294895887 CET49944445192.168.2.637.134.68.167
                                                      Jan 14, 2025 22:42:36.295111895 CET49945445192.168.2.637.134.68.1
                                                      Jan 14, 2025 22:42:36.299866915 CET4454994437.134.68.167192.168.2.6
                                                      Jan 14, 2025 22:42:36.299880981 CET4454994537.134.68.1192.168.2.6
                                                      Jan 14, 2025 22:42:36.299921036 CET49944445192.168.2.637.134.68.167
                                                      Jan 14, 2025 22:42:36.300015926 CET49945445192.168.2.637.134.68.1
                                                      Jan 14, 2025 22:42:36.300015926 CET49945445192.168.2.637.134.68.1
                                                      Jan 14, 2025 22:42:36.300904036 CET49946445192.168.2.637.134.68.1
                                                      Jan 14, 2025 22:42:36.304918051 CET4454994537.134.68.1192.168.2.6
                                                      Jan 14, 2025 22:42:36.305130005 CET49945445192.168.2.637.134.68.1
                                                      Jan 14, 2025 22:42:36.306018114 CET4454994637.134.68.1192.168.2.6
                                                      Jan 14, 2025 22:42:36.306080103 CET49946445192.168.2.637.134.68.1
                                                      Jan 14, 2025 22:42:36.306149006 CET49946445192.168.2.637.134.68.1
                                                      Jan 14, 2025 22:42:36.310921907 CET4454994637.134.68.1192.168.2.6
                                                      Jan 14, 2025 22:42:38.361392021 CET49981445192.168.2.6219.121.211.91
                                                      Jan 14, 2025 22:42:38.366178989 CET44549981219.121.211.91192.168.2.6
                                                      Jan 14, 2025 22:42:38.366770983 CET49981445192.168.2.6219.121.211.91
                                                      Jan 14, 2025 22:42:38.366770983 CET49981445192.168.2.6219.121.211.91
                                                      Jan 14, 2025 22:42:38.366942883 CET49984445192.168.2.6219.121.211.1
                                                      Jan 14, 2025 22:42:38.371720076 CET44549984219.121.211.1192.168.2.6
                                                      Jan 14, 2025 22:42:38.371731043 CET44549981219.121.211.91192.168.2.6
                                                      Jan 14, 2025 22:42:38.371809959 CET49984445192.168.2.6219.121.211.1
                                                      Jan 14, 2025 22:42:38.371905088 CET49981445192.168.2.6219.121.211.91
                                                      Jan 14, 2025 22:42:38.371912956 CET49984445192.168.2.6219.121.211.1
                                                      Jan 14, 2025 22:42:38.372327089 CET49985445192.168.2.6219.121.211.1
                                                      Jan 14, 2025 22:42:38.377104044 CET44549985219.121.211.1192.168.2.6
                                                      Jan 14, 2025 22:42:38.377728939 CET44549984219.121.211.1192.168.2.6
                                                      Jan 14, 2025 22:42:38.378084898 CET49985445192.168.2.6219.121.211.1
                                                      Jan 14, 2025 22:42:38.378226042 CET49984445192.168.2.6219.121.211.1
                                                      Jan 14, 2025 22:42:38.382102966 CET49985445192.168.2.6219.121.211.1
                                                      Jan 14, 2025 22:42:38.386874914 CET44549985219.121.211.1192.168.2.6
                                                      Jan 14, 2025 22:42:40.368494034 CET50015445192.168.2.6149.173.236.150
                                                      Jan 14, 2025 22:42:40.373302937 CET44550015149.173.236.150192.168.2.6
                                                      Jan 14, 2025 22:42:40.373408079 CET50015445192.168.2.6149.173.236.150
                                                      Jan 14, 2025 22:42:40.373578072 CET50015445192.168.2.6149.173.236.150
                                                      Jan 14, 2025 22:42:40.373668909 CET50016445192.168.2.6149.173.236.1
                                                      Jan 14, 2025 22:42:40.378494024 CET44550015149.173.236.150192.168.2.6
                                                      Jan 14, 2025 22:42:40.378505945 CET44550015149.173.236.150192.168.2.6
                                                      Jan 14, 2025 22:42:40.378515959 CET44550016149.173.236.1192.168.2.6
                                                      Jan 14, 2025 22:42:40.378653049 CET50016445192.168.2.6149.173.236.1
                                                      Jan 14, 2025 22:42:40.378653049 CET50016445192.168.2.6149.173.236.1
                                                      Jan 14, 2025 22:42:40.378894091 CET50015445192.168.2.6149.173.236.150
                                                      Jan 14, 2025 22:42:40.378961086 CET50017445192.168.2.6149.173.236.1
                                                      Jan 14, 2025 22:42:40.383580923 CET44550016149.173.236.1192.168.2.6
                                                      Jan 14, 2025 22:42:40.383732080 CET44550017149.173.236.1192.168.2.6
                                                      Jan 14, 2025 22:42:40.383795023 CET50017445192.168.2.6149.173.236.1
                                                      Jan 14, 2025 22:42:40.383867979 CET50017445192.168.2.6149.173.236.1
                                                      Jan 14, 2025 22:42:40.384335995 CET50016445192.168.2.6149.173.236.1
                                                      Jan 14, 2025 22:42:40.388647079 CET44550017149.173.236.1192.168.2.6
                                                      Jan 14, 2025 22:42:42.383521080 CET50054445192.168.2.6147.244.118.48
                                                      Jan 14, 2025 22:42:42.388387918 CET44550054147.244.118.48192.168.2.6
                                                      Jan 14, 2025 22:42:42.388475895 CET50054445192.168.2.6147.244.118.48
                                                      Jan 14, 2025 22:42:42.388572931 CET50054445192.168.2.6147.244.118.48
                                                      Jan 14, 2025 22:42:42.388741016 CET50055445192.168.2.6147.244.118.1
                                                      Jan 14, 2025 22:42:42.393404961 CET44550054147.244.118.48192.168.2.6
                                                      Jan 14, 2025 22:42:42.393456936 CET50054445192.168.2.6147.244.118.48
                                                      Jan 14, 2025 22:42:42.393572092 CET44550055147.244.118.1192.168.2.6
                                                      Jan 14, 2025 22:42:42.393621922 CET50055445192.168.2.6147.244.118.1
                                                      Jan 14, 2025 22:42:42.393682003 CET50055445192.168.2.6147.244.118.1
                                                      Jan 14, 2025 22:42:42.393976927 CET50056445192.168.2.6147.244.118.1
                                                      Jan 14, 2025 22:42:42.398531914 CET44550055147.244.118.1192.168.2.6
                                                      Jan 14, 2025 22:42:42.398576021 CET50055445192.168.2.6147.244.118.1
                                                      Jan 14, 2025 22:42:42.398746967 CET44550056147.244.118.1192.168.2.6
                                                      Jan 14, 2025 22:42:42.398797989 CET50056445192.168.2.6147.244.118.1
                                                      Jan 14, 2025 22:42:42.398823977 CET50056445192.168.2.6147.244.118.1
                                                      Jan 14, 2025 22:42:42.403548002 CET44550056147.244.118.1192.168.2.6
                                                      Jan 14, 2025 22:42:44.398792982 CET50091445192.168.2.6144.165.243.195
                                                      Jan 14, 2025 22:42:44.403553009 CET44550091144.165.243.195192.168.2.6
                                                      Jan 14, 2025 22:42:44.403718948 CET50091445192.168.2.6144.165.243.195
                                                      Jan 14, 2025 22:42:44.403794050 CET50091445192.168.2.6144.165.243.195
                                                      Jan 14, 2025 22:42:44.403928995 CET50093445192.168.2.6144.165.243.1
                                                      Jan 14, 2025 22:42:44.408644915 CET44550091144.165.243.195192.168.2.6
                                                      Jan 14, 2025 22:42:44.408673048 CET44550093144.165.243.1192.168.2.6
                                                      Jan 14, 2025 22:42:44.408768892 CET50091445192.168.2.6144.165.243.195
                                                      Jan 14, 2025 22:42:44.408806086 CET50093445192.168.2.6144.165.243.1
                                                      Jan 14, 2025 22:42:44.408806086 CET50093445192.168.2.6144.165.243.1
                                                      Jan 14, 2025 22:42:44.409286976 CET50095445192.168.2.6144.165.243.1
                                                      Jan 14, 2025 22:42:44.413748026 CET44550093144.165.243.1192.168.2.6
                                                      Jan 14, 2025 22:42:44.414071083 CET44550095144.165.243.1192.168.2.6
                                                      Jan 14, 2025 22:42:44.414129019 CET50093445192.168.2.6144.165.243.1
                                                      Jan 14, 2025 22:42:44.414129019 CET50095445192.168.2.6144.165.243.1
                                                      Jan 14, 2025 22:42:44.414767027 CET50095445192.168.2.6144.165.243.1
                                                      Jan 14, 2025 22:42:44.419570923 CET44550095144.165.243.1192.168.2.6
                                                      Jan 14, 2025 22:42:46.414624929 CET50131445192.168.2.6134.64.132.107
                                                      Jan 14, 2025 22:42:46.419447899 CET44550131134.64.132.107192.168.2.6
                                                      Jan 14, 2025 22:42:46.419522047 CET50131445192.168.2.6134.64.132.107
                                                      Jan 14, 2025 22:42:46.419598103 CET50131445192.168.2.6134.64.132.107
                                                      Jan 14, 2025 22:42:46.419780016 CET50132445192.168.2.6134.64.132.1
                                                      Jan 14, 2025 22:42:46.424544096 CET44550131134.64.132.107192.168.2.6
                                                      Jan 14, 2025 22:42:46.424566031 CET44550132134.64.132.1192.168.2.6
                                                      Jan 14, 2025 22:42:46.424601078 CET50131445192.168.2.6134.64.132.107
                                                      Jan 14, 2025 22:42:46.424663067 CET50132445192.168.2.6134.64.132.1
                                                      Jan 14, 2025 22:42:46.424752951 CET50132445192.168.2.6134.64.132.1
                                                      Jan 14, 2025 22:42:46.425678968 CET50133445192.168.2.6134.64.132.1
                                                      Jan 14, 2025 22:42:46.429627895 CET44550132134.64.132.1192.168.2.6
                                                      Jan 14, 2025 22:42:46.429680109 CET50132445192.168.2.6134.64.132.1
                                                      Jan 14, 2025 22:42:46.430555105 CET44550133134.64.132.1192.168.2.6
                                                      Jan 14, 2025 22:42:46.430612087 CET50133445192.168.2.6134.64.132.1
                                                      Jan 14, 2025 22:42:46.430654049 CET50133445192.168.2.6134.64.132.1
                                                      Jan 14, 2025 22:42:46.435571909 CET44550133134.64.132.1192.168.2.6
                                                      Jan 14, 2025 22:42:47.571841002 CET4454978018.1.0.1192.168.2.6
                                                      Jan 14, 2025 22:42:47.571903944 CET49780445192.168.2.618.1.0.1
                                                      Jan 14, 2025 22:42:47.571955919 CET49780445192.168.2.618.1.0.1
                                                      Jan 14, 2025 22:42:47.572011948 CET49780445192.168.2.618.1.0.1
                                                      Jan 14, 2025 22:42:47.576754093 CET4454978018.1.0.1192.168.2.6
                                                      Jan 14, 2025 22:42:47.576766014 CET4454978018.1.0.1192.168.2.6
                                                      Jan 14, 2025 22:42:48.429814100 CET50176445192.168.2.6101.183.122.42
                                                      Jan 14, 2025 22:42:48.437288046 CET44550176101.183.122.42192.168.2.6
                                                      Jan 14, 2025 22:42:48.437359095 CET50176445192.168.2.6101.183.122.42
                                                      Jan 14, 2025 22:42:48.437381029 CET50176445192.168.2.6101.183.122.42
                                                      Jan 14, 2025 22:42:48.437536001 CET50178445192.168.2.6101.183.122.1
                                                      Jan 14, 2025 22:42:48.445220947 CET44550178101.183.122.1192.168.2.6
                                                      Jan 14, 2025 22:42:48.446362972 CET44550176101.183.122.42192.168.2.6
                                                      Jan 14, 2025 22:42:48.446477890 CET50176445192.168.2.6101.183.122.42
                                                      Jan 14, 2025 22:42:48.446491957 CET50178445192.168.2.6101.183.122.1
                                                      Jan 14, 2025 22:42:48.446578979 CET50178445192.168.2.6101.183.122.1
                                                      Jan 14, 2025 22:42:48.447180986 CET50179445192.168.2.6101.183.122.1
                                                      Jan 14, 2025 22:42:48.451718092 CET44550178101.183.122.1192.168.2.6
                                                      Jan 14, 2025 22:42:48.451879025 CET44550179101.183.122.1192.168.2.6
                                                      Jan 14, 2025 22:42:48.451936960 CET50178445192.168.2.6101.183.122.1
                                                      Jan 14, 2025 22:42:48.451967001 CET50179445192.168.2.6101.183.122.1
                                                      Jan 14, 2025 22:42:48.452043056 CET50179445192.168.2.6101.183.122.1
                                                      Jan 14, 2025 22:42:48.456875086 CET44550179101.183.122.1192.168.2.6
                                                      Jan 14, 2025 22:42:49.606513977 CET445498116.147.7.1192.168.2.6
                                                      Jan 14, 2025 22:42:49.606610060 CET49811445192.168.2.66.147.7.1
                                                      Jan 14, 2025 22:42:49.619988918 CET49811445192.168.2.66.147.7.1
                                                      Jan 14, 2025 22:42:49.620098114 CET49811445192.168.2.66.147.7.1
                                                      Jan 14, 2025 22:42:49.624902010 CET445498116.147.7.1192.168.2.6
                                                      Jan 14, 2025 22:42:49.624922037 CET445498116.147.7.1192.168.2.6
                                                      Jan 14, 2025 22:42:50.445931911 CET50210445192.168.2.678.63.44.240
                                                      Jan 14, 2025 22:42:50.450776100 CET4455021078.63.44.240192.168.2.6
                                                      Jan 14, 2025 22:42:50.450866938 CET50210445192.168.2.678.63.44.240
                                                      Jan 14, 2025 22:42:50.450947046 CET50210445192.168.2.678.63.44.240
                                                      Jan 14, 2025 22:42:50.451180935 CET50211445192.168.2.678.63.44.1
                                                      Jan 14, 2025 22:42:50.455841064 CET4455021078.63.44.240192.168.2.6
                                                      Jan 14, 2025 22:42:50.455895901 CET50210445192.168.2.678.63.44.240
                                                      Jan 14, 2025 22:42:50.455903053 CET4455021178.63.44.1192.168.2.6
                                                      Jan 14, 2025 22:42:50.456012964 CET50211445192.168.2.678.63.44.1
                                                      Jan 14, 2025 22:42:50.456053972 CET50211445192.168.2.678.63.44.1
                                                      Jan 14, 2025 22:42:50.456399918 CET50212445192.168.2.678.63.44.1
                                                      Jan 14, 2025 22:42:50.461050987 CET4455021178.63.44.1192.168.2.6
                                                      Jan 14, 2025 22:42:50.461208105 CET4455021278.63.44.1192.168.2.6
                                                      Jan 14, 2025 22:42:50.461225033 CET50211445192.168.2.678.63.44.1
                                                      Jan 14, 2025 22:42:50.461272001 CET50212445192.168.2.678.63.44.1
                                                      Jan 14, 2025 22:42:50.461323977 CET50212445192.168.2.678.63.44.1
                                                      Jan 14, 2025 22:42:50.466114044 CET4455021278.63.44.1192.168.2.6
                                                      Jan 14, 2025 22:42:50.586312056 CET50218445192.168.2.618.1.0.1
                                                      Jan 14, 2025 22:42:50.591067076 CET4455021818.1.0.1192.168.2.6
                                                      Jan 14, 2025 22:42:50.591130018 CET50218445192.168.2.618.1.0.1
                                                      Jan 14, 2025 22:42:50.591212034 CET50218445192.168.2.618.1.0.1
                                                      Jan 14, 2025 22:42:50.595938921 CET4455021818.1.0.1192.168.2.6
                                                      Jan 14, 2025 22:42:51.881254911 CET44549849198.205.43.1192.168.2.6
                                                      Jan 14, 2025 22:42:51.881320953 CET49849445192.168.2.6198.205.43.1
                                                      Jan 14, 2025 22:42:51.881371975 CET49849445192.168.2.6198.205.43.1
                                                      Jan 14, 2025 22:42:51.881436110 CET49849445192.168.2.6198.205.43.1
                                                      Jan 14, 2025 22:42:51.886171103 CET44549849198.205.43.1192.168.2.6
                                                      Jan 14, 2025 22:42:51.886209965 CET44549849198.205.43.1192.168.2.6
                                                      Jan 14, 2025 22:42:52.476037025 CET50243445192.168.2.6197.9.206.2
                                                      Jan 14, 2025 22:42:52.480813980 CET44550243197.9.206.2192.168.2.6
                                                      Jan 14, 2025 22:42:52.480909109 CET50243445192.168.2.6197.9.206.2
                                                      Jan 14, 2025 22:42:52.481061935 CET50243445192.168.2.6197.9.206.2
                                                      Jan 14, 2025 22:42:52.481267929 CET50244445192.168.2.6197.9.206.1
                                                      Jan 14, 2025 22:42:52.485865116 CET44550243197.9.206.2192.168.2.6
                                                      Jan 14, 2025 22:42:52.485923052 CET50243445192.168.2.6197.9.206.2
                                                      Jan 14, 2025 22:42:52.486074924 CET44550244197.9.206.1192.168.2.6
                                                      Jan 14, 2025 22:42:52.486181021 CET50244445192.168.2.6197.9.206.1
                                                      Jan 14, 2025 22:42:52.486268044 CET50244445192.168.2.6197.9.206.1
                                                      Jan 14, 2025 22:42:52.487143993 CET50246445192.168.2.6197.9.206.1
                                                      Jan 14, 2025 22:42:52.491842031 CET44550244197.9.206.1192.168.2.6
                                                      Jan 14, 2025 22:42:52.491899967 CET50244445192.168.2.6197.9.206.1
                                                      Jan 14, 2025 22:42:52.492227077 CET44550246197.9.206.1192.168.2.6
                                                      Jan 14, 2025 22:42:52.492553949 CET50246445192.168.2.6197.9.206.1
                                                      Jan 14, 2025 22:42:52.492640018 CET50246445192.168.2.6197.9.206.1
                                                      Jan 14, 2025 22:42:52.497374058 CET44550246197.9.206.1192.168.2.6
                                                      Jan 14, 2025 22:42:52.635761976 CET50247445192.168.2.66.147.7.1
                                                      Jan 14, 2025 22:42:52.641120911 CET445502476.147.7.1192.168.2.6
                                                      Jan 14, 2025 22:42:52.643028021 CET50247445192.168.2.66.147.7.1
                                                      Jan 14, 2025 22:42:52.643616915 CET50247445192.168.2.66.147.7.1
                                                      Jan 14, 2025 22:42:52.648446083 CET445502476.147.7.1192.168.2.6
                                                      Jan 14, 2025 22:42:53.634722948 CET4454987577.226.237.1192.168.2.6
                                                      Jan 14, 2025 22:42:53.634793997 CET49875445192.168.2.677.226.237.1
                                                      Jan 14, 2025 22:42:53.634830952 CET49875445192.168.2.677.226.237.1
                                                      Jan 14, 2025 22:42:53.634896040 CET49875445192.168.2.677.226.237.1
                                                      Jan 14, 2025 22:42:53.639601946 CET4454987577.226.237.1192.168.2.6
                                                      Jan 14, 2025 22:42:53.639614105 CET4454987577.226.237.1192.168.2.6
                                                      Jan 14, 2025 22:42:54.477499962 CET50258445192.168.2.6204.188.17.57
                                                      Jan 14, 2025 22:42:54.482296944 CET44550258204.188.17.57192.168.2.6
                                                      Jan 14, 2025 22:42:54.482412100 CET50258445192.168.2.6204.188.17.57
                                                      Jan 14, 2025 22:42:54.482495070 CET50258445192.168.2.6204.188.17.57
                                                      Jan 14, 2025 22:42:54.482719898 CET50259445192.168.2.6204.188.17.1
                                                      Jan 14, 2025 22:43:11.491905928 CET50352445192.168.2.648.113.108.1
                                                      Jan 14, 2025 22:43:11.492144108 CET4455035348.113.108.1192.168.2.6
                                                      Jan 14, 2025 22:43:11.492353916 CET50353445192.168.2.648.113.108.1
                                                      Jan 14, 2025 22:43:11.492468119 CET50353445192.168.2.648.113.108.1
                                                      Jan 14, 2025 22:43:11.497358084 CET4455035348.113.108.1192.168.2.6
                                                      Jan 14, 2025 22:43:11.850660086 CET4455021278.63.44.1192.168.2.6
                                                      Jan 14, 2025 22:43:11.850723028 CET50212445192.168.2.678.63.44.1
                                                      Jan 14, 2025 22:43:11.850790977 CET50212445192.168.2.678.63.44.1
                                                      Jan 14, 2025 22:43:11.850790977 CET50212445192.168.2.678.63.44.1
                                                      Jan 14, 2025 22:43:11.855628967 CET4455021278.63.44.1192.168.2.6
                                                      Jan 14, 2025 22:43:11.855663061 CET4455021278.63.44.1192.168.2.6
                                                      Jan 14, 2025 22:43:11.977649927 CET4455021818.1.0.1192.168.2.6
                                                      Jan 14, 2025 22:43:11.977715015 CET50218445192.168.2.618.1.0.1
                                                      Jan 14, 2025 22:43:11.977793932 CET50218445192.168.2.618.1.0.1
                                                      Jan 14, 2025 22:43:11.977833986 CET50218445192.168.2.618.1.0.1
                                                      Jan 14, 2025 22:43:11.982615948 CET4455021818.1.0.1192.168.2.6
                                                      Jan 14, 2025 22:43:11.982659101 CET4455021818.1.0.1192.168.2.6
                                                      Jan 14, 2025 22:43:12.039038897 CET50354445192.168.2.618.1.0.2
                                                      Jan 14, 2025 22:43:12.043934107 CET4455035418.1.0.2192.168.2.6
                                                      Jan 14, 2025 22:43:12.044013023 CET50354445192.168.2.618.1.0.2
                                                      Jan 14, 2025 22:43:12.044069052 CET50354445192.168.2.618.1.0.2
                                                      Jan 14, 2025 22:43:12.044445992 CET50355445192.168.2.618.1.0.2
                                                      Jan 14, 2025 22:43:12.049138069 CET4455035418.1.0.2192.168.2.6
                                                      Jan 14, 2025 22:43:12.049192905 CET50354445192.168.2.618.1.0.2
                                                      Jan 14, 2025 22:43:12.049262047 CET4455035518.1.0.2192.168.2.6
                                                      Jan 14, 2025 22:43:12.049320936 CET50355445192.168.2.618.1.0.2
                                                      Jan 14, 2025 22:43:12.049370050 CET50355445192.168.2.618.1.0.2
                                                      Jan 14, 2025 22:43:12.054203033 CET4455035518.1.0.2192.168.2.6
                                                      Jan 14, 2025 22:43:12.632930040 CET50356445192.168.2.6198.74.23.73
                                                      Jan 14, 2025 22:43:12.637811899 CET44550356198.74.23.73192.168.2.6
                                                      Jan 14, 2025 22:43:12.637897968 CET50356445192.168.2.6198.74.23.73
                                                      Jan 14, 2025 22:43:12.637943029 CET50356445192.168.2.6198.74.23.73
                                                      Jan 14, 2025 22:43:12.638042927 CET50357445192.168.2.6198.74.23.1
                                                      Jan 14, 2025 22:43:12.642803907 CET44550356198.74.23.73192.168.2.6
                                                      Jan 14, 2025 22:43:12.642860889 CET44550357198.74.23.1192.168.2.6
                                                      Jan 14, 2025 22:43:12.642863989 CET50356445192.168.2.6198.74.23.73
                                                      Jan 14, 2025 22:43:12.642935038 CET50357445192.168.2.6198.74.23.1
                                                      Jan 14, 2025 22:43:12.642999887 CET50357445192.168.2.6198.74.23.1
                                                      Jan 14, 2025 22:43:12.643261909 CET50358445192.168.2.6198.74.23.1
                                                      Jan 14, 2025 22:43:12.647810936 CET44550357198.74.23.1192.168.2.6
                                                      Jan 14, 2025 22:43:12.647864103 CET50357445192.168.2.6198.74.23.1
                                                      Jan 14, 2025 22:43:12.648072958 CET44550358198.74.23.1192.168.2.6
                                                      Jan 14, 2025 22:43:12.648122072 CET50358445192.168.2.6198.74.23.1
                                                      Jan 14, 2025 22:43:12.648416042 CET50358445192.168.2.6198.74.23.1
                                                      Jan 14, 2025 22:43:12.653176069 CET44550358198.74.23.1192.168.2.6
                                                      Jan 14, 2025 22:43:12.854867935 CET50359445192.168.2.6101.183.122.1
                                                      Jan 14, 2025 22:43:12.859723091 CET44550359101.183.122.1192.168.2.6
                                                      Jan 14, 2025 22:43:12.859818935 CET50359445192.168.2.6101.183.122.1
                                                      Jan 14, 2025 22:43:12.860079050 CET50359445192.168.2.6101.183.122.1
                                                      Jan 14, 2025 22:43:12.864892006 CET44550359101.183.122.1192.168.2.6
                                                      Jan 14, 2025 22:43:13.736614943 CET50361445192.168.2.6109.252.120.234
                                                      Jan 14, 2025 22:43:13.741497993 CET44550361109.252.120.234192.168.2.6
                                                      Jan 14, 2025 22:43:13.743402004 CET50361445192.168.2.6109.252.120.234
                                                      Jan 14, 2025 22:43:13.744924068 CET50361445192.168.2.6109.252.120.234
                                                      Jan 14, 2025 22:43:13.745218992 CET50362445192.168.2.6109.252.120.1
                                                      Jan 14, 2025 22:43:13.749756098 CET44550361109.252.120.234192.168.2.6
                                                      Jan 14, 2025 22:43:13.750051975 CET44550362109.252.120.1192.168.2.6
                                                      Jan 14, 2025 22:43:13.750112057 CET50361445192.168.2.6109.252.120.234
                                                      Jan 14, 2025 22:43:13.750161886 CET50362445192.168.2.6109.252.120.1
                                                      Jan 14, 2025 22:43:13.753412962 CET50362445192.168.2.6109.252.120.1
                                                      Jan 14, 2025 22:43:13.758313894 CET44550362109.252.120.1192.168.2.6
                                                      Jan 14, 2025 22:43:13.759335041 CET50362445192.168.2.6109.252.120.1
                                                      Jan 14, 2025 22:43:13.802012920 CET50363445192.168.2.6109.252.120.1
                                                      Jan 14, 2025 22:43:13.806842089 CET44550363109.252.120.1192.168.2.6
                                                      Jan 14, 2025 22:43:13.806905985 CET50363445192.168.2.6109.252.120.1
                                                      Jan 14, 2025 22:43:13.806977987 CET50363445192.168.2.6109.252.120.1
                                                      Jan 14, 2025 22:43:13.811733007 CET44550363109.252.120.1192.168.2.6
                                                      Jan 14, 2025 22:43:13.993274927 CET445502476.147.7.1192.168.2.6
                                                      Jan 14, 2025 22:43:13.994560003 CET50247445192.168.2.66.147.7.1
                                                      Jan 14, 2025 22:43:14.009582996 CET50247445192.168.2.66.147.7.1
                                                      Jan 14, 2025 22:43:14.009644985 CET50247445192.168.2.66.147.7.1
                                                      Jan 14, 2025 22:43:14.014404058 CET445502476.147.7.1192.168.2.6
                                                      Jan 14, 2025 22:43:14.014416933 CET445502476.147.7.1192.168.2.6
                                                      Jan 14, 2025 22:43:14.108030081 CET50364445192.168.2.66.147.7.2
                                                      Jan 14, 2025 22:43:14.112893105 CET445503646.147.7.2192.168.2.6
                                                      Jan 14, 2025 22:43:14.113007069 CET50364445192.168.2.66.147.7.2
                                                      Jan 14, 2025 22:43:14.113069057 CET50364445192.168.2.66.147.7.2
                                                      Jan 14, 2025 22:43:14.118186951 CET445503646.147.7.2192.168.2.6
                                                      Jan 14, 2025 22:43:14.120549917 CET50364445192.168.2.66.147.7.2
                                                      Jan 14, 2025 22:43:14.210388899 CET50365445192.168.2.66.147.7.2
                                                      Jan 14, 2025 22:43:14.216028929 CET445503656.147.7.2192.168.2.6
                                                      Jan 14, 2025 22:43:14.217565060 CET50365445192.168.2.66.147.7.2
                                                      Jan 14, 2025 22:43:14.217818022 CET50365445192.168.2.66.147.7.2
                                                      Jan 14, 2025 22:43:14.222619057 CET445503656.147.7.2192.168.2.6
                                                      Jan 14, 2025 22:43:14.726797104 CET50366445192.168.2.650.113.28.74
                                                      Jan 14, 2025 22:43:14.732424021 CET4455036650.113.28.74192.168.2.6
                                                      Jan 14, 2025 22:43:14.732486010 CET50366445192.168.2.650.113.28.74
                                                      Jan 14, 2025 22:43:14.732547998 CET50366445192.168.2.650.113.28.74
                                                      Jan 14, 2025 22:43:14.732711077 CET50367445192.168.2.650.113.28.1
                                                      Jan 14, 2025 22:43:14.737389088 CET4455036650.113.28.74192.168.2.6
                                                      Jan 14, 2025 22:43:14.737435102 CET50366445192.168.2.650.113.28.74
                                                      Jan 14, 2025 22:43:14.739351988 CET4455036750.113.28.1192.168.2.6
                                                      Jan 14, 2025 22:43:14.739409924 CET50367445192.168.2.650.113.28.1
                                                      Jan 14, 2025 22:43:14.739434004 CET50367445192.168.2.650.113.28.1
                                                      Jan 14, 2025 22:43:14.739732981 CET50368445192.168.2.650.113.28.1
                                                      Jan 14, 2025 22:43:14.744379044 CET4455036750.113.28.1192.168.2.6
                                                      Jan 14, 2025 22:43:14.744426966 CET50367445192.168.2.650.113.28.1
                                                      Jan 14, 2025 22:43:14.744489908 CET4455036850.113.28.1192.168.2.6
                                                      Jan 14, 2025 22:43:14.744658947 CET50368445192.168.2.650.113.28.1
                                                      Jan 14, 2025 22:43:14.744682074 CET50368445192.168.2.650.113.28.1
                                                      Jan 14, 2025 22:43:14.750016928 CET4455036850.113.28.1192.168.2.6
                                                      Jan 14, 2025 22:43:14.851672888 CET50369445192.168.2.678.63.44.1
                                                      Jan 14, 2025 22:43:14.858088970 CET4455036978.63.44.1192.168.2.6
                                                      Jan 14, 2025 22:43:14.858155966 CET50369445192.168.2.678.63.44.1
                                                      Jan 14, 2025 22:43:14.858184099 CET50369445192.168.2.678.63.44.1
                                                      Jan 14, 2025 22:43:14.863044977 CET4455036978.63.44.1192.168.2.6
                                                      Jan 14, 2025 22:43:15.664318085 CET50370445192.168.2.6175.68.141.242
                                                      Jan 14, 2025 22:43:15.669243097 CET44550370175.68.141.242192.168.2.6
                                                      Jan 14, 2025 22:43:15.669321060 CET50370445192.168.2.6175.68.141.242
                                                      Jan 14, 2025 22:43:15.669362068 CET50370445192.168.2.6175.68.141.242
                                                      Jan 14, 2025 22:43:15.669608116 CET50371445192.168.2.6175.68.141.1
                                                      Jan 14, 2025 22:43:15.674302101 CET44550370175.68.141.242192.168.2.6
                                                      Jan 14, 2025 22:43:15.674367905 CET50370445192.168.2.6175.68.141.242
                                                      Jan 14, 2025 22:43:15.674372911 CET44550371175.68.141.1192.168.2.6
                                                      Jan 14, 2025 22:43:15.674477100 CET50371445192.168.2.6175.68.141.1
                                                      Jan 14, 2025 22:43:15.674571991 CET50371445192.168.2.6175.68.141.1
                                                      Jan 14, 2025 22:43:15.675187111 CET50372445192.168.2.6175.68.141.1
                                                      Jan 14, 2025 22:43:15.679416895 CET44550371175.68.141.1192.168.2.6
                                                      Jan 14, 2025 22:43:15.679873943 CET50371445192.168.2.6175.68.141.1
                                                      Jan 14, 2025 22:43:15.679971933 CET44550372175.68.141.1192.168.2.6
                                                      Jan 14, 2025 22:43:15.680160999 CET50372445192.168.2.6175.68.141.1
                                                      Jan 14, 2025 22:43:15.680160999 CET50372445192.168.2.6175.68.141.1
                                                      Jan 14, 2025 22:43:15.684973001 CET44550372175.68.141.1192.168.2.6
                                                      Jan 14, 2025 22:43:15.869028091 CET44550260204.188.17.1192.168.2.6
                                                      Jan 14, 2025 22:43:15.869111061 CET50260445192.168.2.6204.188.17.1
                                                      Jan 14, 2025 22:43:15.869164944 CET50260445192.168.2.6204.188.17.1
                                                      Jan 14, 2025 22:43:15.869203091 CET50260445192.168.2.6204.188.17.1
                                                      Jan 14, 2025 22:43:15.874154091 CET44550260204.188.17.1192.168.2.6
                                                      Jan 14, 2025 22:43:15.874170065 CET44550260204.188.17.1192.168.2.6
                                                      Jan 14, 2025 22:43:16.278532028 CET44550266198.205.43.1192.168.2.6
                                                      Jan 14, 2025 22:43:16.278657913 CET50266445192.168.2.6198.205.43.1
                                                      Jan 14, 2025 22:43:16.278707027 CET50266445192.168.2.6198.205.43.1
                                                      Jan 14, 2025 22:43:16.278753996 CET50266445192.168.2.6198.205.43.1
                                                      Jan 14, 2025 22:43:16.283551931 CET44550266198.205.43.1192.168.2.6
                                                      Jan 14, 2025 22:43:16.283562899 CET44550266198.205.43.1192.168.2.6
                                                      Jan 14, 2025 22:43:16.335990906 CET50373445192.168.2.6198.205.43.2
                                                      Jan 14, 2025 22:43:16.340893030 CET44550373198.205.43.2192.168.2.6
                                                      Jan 14, 2025 22:43:16.341010094 CET50373445192.168.2.6198.205.43.2
                                                      Jan 14, 2025 22:43:16.341010094 CET50373445192.168.2.6198.205.43.2
                                                      Jan 14, 2025 22:43:16.341356993 CET50374445192.168.2.6198.205.43.2
                                                      Jan 14, 2025 22:43:16.346013069 CET44550373198.205.43.2192.168.2.6
                                                      Jan 14, 2025 22:43:16.346168995 CET50373445192.168.2.6198.205.43.2
                                                      Jan 14, 2025 22:43:16.346183062 CET44550374198.205.43.2192.168.2.6
                                                      Jan 14, 2025 22:43:16.346297026 CET50374445192.168.2.6198.205.43.2
                                                      Jan 14, 2025 22:43:16.346297026 CET50374445192.168.2.6198.205.43.2
                                                      Jan 14, 2025 22:43:16.351092100 CET44550374198.205.43.2192.168.2.6
                                                      Jan 14, 2025 22:43:16.539485931 CET50375445192.168.2.634.215.102.165
                                                      Jan 14, 2025 22:43:16.544564009 CET4455037534.215.102.165192.168.2.6
                                                      Jan 14, 2025 22:43:16.548563004 CET50375445192.168.2.634.215.102.165
                                                      Jan 14, 2025 22:43:16.550625086 CET50375445192.168.2.634.215.102.165
                                                      Jan 14, 2025 22:43:16.551224947 CET50376445192.168.2.634.215.102.1
                                                      Jan 14, 2025 22:43:16.556063890 CET4455037634.215.102.1192.168.2.6
                                                      Jan 14, 2025 22:43:16.556171894 CET50376445192.168.2.634.215.102.1
                                                      Jan 14, 2025 22:43:16.556229115 CET50376445192.168.2.634.215.102.1
                                                      Jan 14, 2025 22:43:16.556684017 CET50377445192.168.2.634.215.102.1
                                                      Jan 14, 2025 22:43:16.558357954 CET4455037534.215.102.165192.168.2.6
                                                      Jan 14, 2025 22:43:16.561542034 CET4455037734.215.102.1192.168.2.6
                                                      Jan 14, 2025 22:43:16.561764002 CET50377445192.168.2.634.215.102.1
                                                      Jan 14, 2025 22:43:16.561863899 CET50377445192.168.2.634.215.102.1
                                                      Jan 14, 2025 22:43:16.562340975 CET4455037634.215.102.1192.168.2.6
                                                      Jan 14, 2025 22:43:16.566639900 CET4455037734.215.102.1192.168.2.6
                                                      Jan 14, 2025 22:43:16.567327023 CET4455037534.215.102.165192.168.2.6
                                                      Jan 14, 2025 22:43:16.567400932 CET50375445192.168.2.634.215.102.165
                                                      Jan 14, 2025 22:43:16.567640066 CET4455037634.215.102.1192.168.2.6
                                                      Jan 14, 2025 22:43:16.567714930 CET50376445192.168.2.634.215.102.1
                                                      Jan 14, 2025 22:43:17.367353916 CET50378445192.168.2.6155.125.170.218
                                                      Jan 14, 2025 22:43:17.372390032 CET44550378155.125.170.218192.168.2.6
                                                      Jan 14, 2025 22:43:17.372466087 CET50378445192.168.2.6155.125.170.218
                                                      Jan 14, 2025 22:43:17.372493982 CET50378445192.168.2.6155.125.170.218
                                                      Jan 14, 2025 22:43:17.372653961 CET50379445192.168.2.6155.125.170.1
                                                      Jan 14, 2025 22:43:17.377495050 CET44550379155.125.170.1192.168.2.6
                                                      Jan 14, 2025 22:43:17.377558947 CET50379445192.168.2.6155.125.170.1
                                                      Jan 14, 2025 22:43:17.377585888 CET50379445192.168.2.6155.125.170.1
                                                      Jan 14, 2025 22:43:17.377636909 CET44550378155.125.170.218192.168.2.6
                                                      Jan 14, 2025 22:43:17.377829075 CET50378445192.168.2.6155.125.170.218
                                                      Jan 14, 2025 22:43:17.377898932 CET50380445192.168.2.6155.125.170.1
                                                      Jan 14, 2025 22:43:17.382850885 CET44550379155.125.170.1192.168.2.6
                                                      Jan 14, 2025 22:43:17.382863998 CET44550380155.125.170.1192.168.2.6
                                                      Jan 14, 2025 22:43:17.382901907 CET50379445192.168.2.6155.125.170.1
                                                      Jan 14, 2025 22:43:17.382946014 CET50380445192.168.2.6155.125.170.1
                                                      Jan 14, 2025 22:43:17.382989883 CET50380445192.168.2.6155.125.170.1
                                                      Jan 14, 2025 22:43:17.388117075 CET44550380155.125.170.1192.168.2.6
                                                      Jan 14, 2025 22:43:17.901696920 CET4455027887.122.116.1192.168.2.6
                                                      Jan 14, 2025 22:43:17.903598070 CET50278445192.168.2.687.122.116.1
                                                      Jan 14, 2025 22:43:17.904344082 CET50278445192.168.2.687.122.116.1
                                                      Jan 14, 2025 22:43:17.904505968 CET50278445192.168.2.687.122.116.1
                                                      Jan 14, 2025 22:43:17.909080982 CET4455027887.122.116.1192.168.2.6
                                                      Jan 14, 2025 22:43:17.909252882 CET4455027887.122.116.1192.168.2.6
                                                      Jan 14, 2025 22:43:18.042232990 CET4455028077.226.237.1192.168.2.6
                                                      Jan 14, 2025 22:43:18.042285919 CET50280445192.168.2.677.226.237.1
                                                      Jan 14, 2025 22:43:18.042612076 CET50280445192.168.2.677.226.237.1
                                                      Jan 14, 2025 22:43:18.042706013 CET50280445192.168.2.677.226.237.1
                                                      Jan 14, 2025 22:43:18.047367096 CET4455028077.226.237.1192.168.2.6
                                                      Jan 14, 2025 22:43:18.047414064 CET4455028077.226.237.1192.168.2.6
                                                      Jan 14, 2025 22:43:18.101610899 CET50381445192.168.2.677.226.237.2
                                                      Jan 14, 2025 22:43:18.106487036 CET4455038177.226.237.2192.168.2.6
                                                      Jan 14, 2025 22:43:18.106589079 CET50381445192.168.2.677.226.237.2
                                                      Jan 14, 2025 22:43:18.106673956 CET50381445192.168.2.677.226.237.2
                                                      Jan 14, 2025 22:43:18.107037067 CET50382445192.168.2.677.226.237.2
                                                      Jan 14, 2025 22:43:18.111696005 CET4455038177.226.237.2192.168.2.6
                                                      Jan 14, 2025 22:43:18.111767054 CET50381445192.168.2.677.226.237.2
                                                      Jan 14, 2025 22:43:18.111840963 CET4455038277.226.237.2192.168.2.6
                                                      Jan 14, 2025 22:43:18.112013102 CET50382445192.168.2.677.226.237.2
                                                      Jan 14, 2025 22:43:18.112013102 CET50382445192.168.2.677.226.237.2
                                                      Jan 14, 2025 22:43:18.116822004 CET4455038277.226.237.2192.168.2.6
                                                      Jan 14, 2025 22:43:18.133538008 CET50383445192.168.2.6124.171.123.90
                                                      Jan 14, 2025 22:43:18.138381958 CET44550383124.171.123.90192.168.2.6
                                                      Jan 14, 2025 22:43:18.138482094 CET50383445192.168.2.6124.171.123.90
                                                      Jan 14, 2025 22:43:18.138571978 CET50383445192.168.2.6124.171.123.90
                                                      Jan 14, 2025 22:43:18.138741970 CET50384445192.168.2.6124.171.123.1
                                                      Jan 14, 2025 22:43:18.143441916 CET44550383124.171.123.90192.168.2.6
                                                      Jan 14, 2025 22:43:18.143479109 CET44550384124.171.123.1192.168.2.6
                                                      Jan 14, 2025 22:43:18.143510103 CET50383445192.168.2.6124.171.123.90
                                                      Jan 14, 2025 22:43:18.143549919 CET50384445192.168.2.6124.171.123.1
                                                      Jan 14, 2025 22:43:18.143620968 CET50384445192.168.2.6124.171.123.1
                                                      Jan 14, 2025 22:43:18.144217968 CET50385445192.168.2.6124.171.123.1
                                                      Jan 14, 2025 22:43:18.148484945 CET44550384124.171.123.1192.168.2.6
                                                      Jan 14, 2025 22:43:18.148932934 CET50384445192.168.2.6124.171.123.1
                                                      Jan 14, 2025 22:43:18.148977041 CET44550385124.171.123.1192.168.2.6
                                                      Jan 14, 2025 22:43:18.149056911 CET50385445192.168.2.6124.171.123.1
                                                      Jan 14, 2025 22:43:18.149523020 CET50385445192.168.2.6124.171.123.1
                                                      Jan 14, 2025 22:43:18.154259920 CET44550385124.171.123.1192.168.2.6
                                                      Jan 14, 2025 22:43:18.883130074 CET50387445192.168.2.6204.188.17.1
                                                      Jan 14, 2025 22:43:18.887975931 CET44550387204.188.17.1192.168.2.6
                                                      Jan 14, 2025 22:43:18.888036013 CET50387445192.168.2.6204.188.17.1
                                                      Jan 14, 2025 22:43:18.888102055 CET50387445192.168.2.6204.188.17.1
                                                      Jan 14, 2025 22:43:18.892812967 CET44550387204.188.17.1192.168.2.6
                                                      Jan 14, 2025 22:43:20.195276022 CET44550294107.175.251.1192.168.2.6
                                                      Jan 14, 2025 22:43:20.195341110 CET50294445192.168.2.6107.175.251.1
                                                      Jan 14, 2025 22:43:20.195389032 CET50294445192.168.2.6107.175.251.1
                                                      Jan 14, 2025 22:43:20.195527077 CET50294445192.168.2.6107.175.251.1
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Jan 14, 2025 22:42:22.947624922 CET | 65461 | 53 | 192.168.2.6 | 1.1.1.1
Jan 14, 2025 22:42:23.249906063 CET | 53 | 65461 | 1.1.1.1 | 192.168.2.6
Jan 14, 2025 22:42:23.871413946 CET | 50064 | 53 | 192.168.2.6 | 1.1.1.1
Jan 14, 2025 22:42:24.198791981 CET | 53 | 50064 | 1.1.1.1 | 192.168.2.6
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Jan 14, 2025 22:42:22.947624922 CET | 192.168.2.6 | 1.1.1.1 | 0x98f | Standard query (0) | www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com | A (IP address) | IN (0x0001) | false
Jan 14, 2025 22:42:23.871413946 CET | 192.168.2.6 | 1.1.1.1 | 0xbc49 | Standard query (0) | ww25.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Jan 14, 2025 22:42:17.753376961 CET | 1.1.1.1 | 192.168.2.6 | 0x6c4f | No error (0) | shed.dual-low.s-part-0017.t-0009.t-msedge.net | s-part-0017.t-0009.t-msedge.net | | CNAME (Canonical name) | IN (0x0001) | false
Jan 14, 2025 22:42:17.753376961 CET | 1.1.1.1 | 192.168.2.6 | 0x6c4f | No error (0) | s-part-0017.t-0009.t-msedge.net | | 13.107.246.45 | A (IP address) | IN (0x0001) | false
Jan 14, 2025 22:42:23.249906063 CET | 1.1.1.1 | 192.168.2.6 | 0x98f | No error (0) | www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com | | 103.224.212.215 | A (IP address) | IN (0x0001) | false
Jan 14, 2025 22:42:24.198791981 CET | 1.1.1.1 | 192.168.2.6 | 0xbc49 | No error (0) | ww25.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com | 77026.bodis.com | | CNAME (Canonical name) | IN (0x0001) | false
Jan 14, 2025 22:42:24.198791981 CET | 1.1.1.1 | 192.168.2.6 | 0xbc49 | No error (0) | 77026.bodis.com | | 199.59.243.228 | A (IP address) | IN (0x0001) | false
                                                      • tse1.mm.bing.net
                                                      • www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com
                                                      • ww25.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.6 | 49751 | 103.224.212.215 | 80 | 6900 | C:\Windows\mssecsvr.exe
Timestamp | Bytes transferred | Direction | Data
Jan 14, 2025 22:42:23.261267900 CET | 100 | OUT | GET / HTTP/1.1
Host: www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com
Cache-Control: no-cache
Jan 14, 2025 22:42:23.864964008 CET | 365 | IN | HTTP/1.1 302 Found
date: Tue, 14 Jan 2025 21:42:23 GMT
server: Apache
set-cookie: __tad=1736890943.1640136; expires=Fri, 12-Jan-2035 21:42:23 GMT; Max-Age=315360000
location: http://ww25.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com/?subid1=20250115-0842-23ff-808d-88d237d35f6d
content-length: 2
content-type: text/html; charset=UTF-8
connection: close
Data Raw: 0a 0a
Data Ascii:


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.6 | 49757 | 199.59.243.228 | 80 | 6900 | C:\Windows\mssecsvr.exe
Timestamp | Bytes transferred | Direction | Data
Jan 14, 2025 22:42:24.228266001 CET | 169 | OUT | GET /?subid1=20250115-0842-23ff-808d-88d237d35f6d HTTP/1.1
Cache-Control: no-cache
Host: ww25.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com
Connection: Keep-Alive
Jan 14, 2025 22:42:24.670315027 CET | 1236 | IN | HTTP/1.1 200 OK
date: Tue, 14 Jan 2025 21:42:24 GMT
content-type: text/html; charset=utf-8
content-length: 1262
x-request-id: 43c57fdf-6860-4e67-b6fc-8e3b3fbb2124
cache-control: no-store, max-age=0
accept-ch: sec-ch-prefers-color-scheme
critical-ch: sec-ch-prefers-color-scheme
vary: sec-ch-prefers-color-scheme
x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_QRrtguHoxcMuF4Q0zqP7RAaNnRqmqcYJPCNhQ1lzf1PyG/c8Va/voK8NKncNTCjY9QQ1XkBZp61H1WH/fqoH6g==
set-cookie: parking_session=43c57fdf-6860-4e67-b6fc-8e3b3fbb2124; expires=Tue, 14 Jan 2025 21:57:24 GMT; path=/


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      2 | 192.168.2.6 | 49763 | 103.224.212.215 | 80 | 3656 | C:\Windows\mssecsvr.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Jan 14, 2025 22:42:25.025501013 CET | 100 | OUT | GET / HTTP/1.1
                                                      Host: www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com
                                                      Cache-Control: no-cache
                                                      Jan 14, 2025 22:42:25.659610033 CET | 365 | IN | HTTP/1.1 302 Found
                                                      date: Tue, 14 Jan 2025 21:42:25 GMT
                                                      server: Apache
                                                      set-cookie: __tad=1736890945.7956260; expires=Fri, 12-Jan-2035 21:42:25 GMT; Max-Age=315360000
                                                      location: http://ww25.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com/?subid1=20250115-0842-255f-aa23-58d727aba250
                                                      content-length: 2
                                                      content-type: text/html; charset=UTF-8
                                                      connection: close
                                                      Data Raw: 0a 0a
                                                      Data Ascii:


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      3 | 192.168.2.6 | 49769 | 199.59.243.228 | 80 | 3656 | C:\Windows\mssecsvr.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Jan 14, 2025 22:42:25.670867920 CET | 169 | OUT | GET /?subid1=20250115-0842-255f-aa23-58d727aba250 HTTP/1.1
                                                      Cache-Control: no-cache
                                                      Host: ww25.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com
                                                      Connection: Keep-Alive
                                                      Jan 14, 2025 22:42:26.125848055 CET | 1236 | IN | HTTP/1.1 200 OK
                                                      date: Tue, 14 Jan 2025 21:42:25 GMT
                                                      content-type: text/html; charset=utf-8
                                                      content-length: 1262
                                                      x-request-id: a0cd7e00-30ea-4b8c-8d33-b3d9a1d5d1c8
                                                      cache-control: no-store, max-age=0
                                                      accept-ch: sec-ch-prefers-color-scheme
                                                      critical-ch: sec-ch-prefers-color-scheme
                                                      vary: sec-ch-prefers-color-scheme
                                                      x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_A+RhSpEr4pHixdmsk7LTZK1K07y8Go7g1On4nrlioICh/FL3HBsK9Vsltda+YM4LPzw5GpiyLmgnn+YZU65kWg==
                                                      set-cookie: parking_session=a0cd7e00-30ea-4b8c-8d33-b3d9a1d5d1c8; expires=Tue, 14 Jan 2025 21:57:26 GMT; path=/


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      4 | 192.168.2.6 | 49770 | 103.224.212.215 | 80 | 2580 | C:\Windows\mssecsvr.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Jan 14, 2025 22:42:25.822977066 CET | 134 | OUT | GET / HTTP/1.1
                                                      Host: www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com
                                                      Cache-Control: no-cache
                                                      Cookie: __tad=1736890943.1640136
                                                      Jan 14, 2025 22:42:26.411207914 CET | 269 | IN | HTTP/1.1 302 Found
                                                      date: Tue, 14 Jan 2025 21:42:26 GMT
                                                      server: Apache
                                                      location: http://ww25.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com/?subid1=20250115-0842-2674-be12-423b8bba8fd9
                                                      content-length: 2
                                                      content-type: text/html; charset=UTF-8
                                                      connection: close
                                                      Data Raw: 0a 0a
                                                      Data Ascii:


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      5 | 192.168.2.6 | 49784 | 199.59.243.228 | 80 | 2580 | C:\Windows\mssecsvr.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Jan 14, 2025 22:42:26.443507910 CET | 231 | OUT | GET /?subid1=20250115-0842-2674-be12-423b8bba8fd9 HTTP/1.1
                                                      Cache-Control: no-cache
                                                      Host: ww25.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com
                                                      Connection: Keep-Alive
                                                      Cookie: parking_session=43c57fdf-6860-4e67-b6fc-8e3b3fbb2124
                                                      Jan 14, 2025 22:42:26.888611078 CET | 1236 | IN | HTTP/1.1 200 OK
                                                      date: Tue, 14 Jan 2025 21:42:26 GMT
                                                      content-type: text/html; charset=utf-8
                                                      content-length: 1262
                                                      x-request-id: 61ed8b37-eced-446f-81f9-a44ebb56d8d0
                                                      cache-control: no-store, max-age=0
                                                      accept-ch: sec-ch-prefers-color-scheme
                                                      critical-ch: sec-ch-prefers-color-scheme
                                                      vary: sec-ch-prefers-color-scheme
                                                      x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_UVpRaVNXIU+rqTKvlt7J4c18rayJvQero0GGclIHZaZEOO1lvDrSxfebj5KW8zfVwSLbsYUT2o2cXYCray4yhA==
                                                      set-cookie: parking_session=43c57fdf-6860-4e67-b6fc-8e3b3fbb2124; expires=Tue, 14 Jan 2025 21:57:26 GMT


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                      6 | 192.168.2.6 | 50671 | 103.224.212.215 | 80
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Jan 14, 2025 22:44:31.813306093 CET | 100 | OUT | GET / HTTP/1.1
                                                      Host: www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com
                                                      Cache-Control: no-cache


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      0 | 192.168.2.6 | 50141 | 150.171.28.10 | 443 | |
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      2025-01-14 21:42:47 UTC | 346 | OUT | GET /th?id=OADD2.10239360422982_1TJDRH7G9FF9FQQY2&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/1.1
                                                      Accept: */*
                                                      Accept-Encoding: gzip, deflate, br
                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
                                                      Host: tse1.mm.bing.net
                                                      Connection: Keep-Alive
                                                      2025-01-14 21:42:47 UTC | 854 | IN | HTTP/1.1 200 OK
                                                      Cache-Control: public, max-age=2592000
                                                      Content-Length: 837003
                                                      Content-Type: image/jpeg
                                                      X-Cache: TCP_HIT
                                                      Access-Control-Allow-Origin: *
                                                      Access-Control-Allow-Headers: *
                                                      Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                      Timing-Allow-Origin: *
                                                      Report-To: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
                                                      NEL: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                      X-MSEdge-Ref: Ref A: C5D2F6695C7F4D45B5D1427ED54C0D9E Ref B: EWR30EDGE1607 Ref C: 2025-01-14T21:42:47Z
                                                      Date: Tue, 14 Jan 2025 21:42:46 GMT
                                                      Connection: close


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      1 | 192.168.2.6 | 50144 | 150.171.28.10 | 443 | |
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      2025-01-14 21:42:47 UTC | 375 | OUT | GET /th?id=OADD2.10239360422984_1O5I4N56JBATVHLO0&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/1.1
                                                      Accept: */*
                                                      Accept-Encoding: gzip, deflate, br
                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
                                                      Host: tse1.mm.bing.net
                                                      Connection: Keep-Alive
                                                      2025-01-14 21:42:47 UTC | 854 | IN | HTTP/1.1 200 OK
                                                      Cache-Control: public, max-age=2592000
                                                      Content-Length: 944899
                                                      Content-Type: image/jpeg
                                                      X-Cache: TCP_HIT
                                                      Access-Control-Allow-Origin: *
                                                      Access-Control-Allow-Headers: *
                                                      Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                      Timing-Allow-Origin: *
                                                      Report-To: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
                                                      NEL: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                      X-MSEdge-Ref: Ref A: E4654BE9F9EA49F295635BA005A4BD03 Ref B: EWR30EDGE0812 Ref C: 2025-01-14T21:42:47Z
                                                      Date: Tue, 14 Jan 2025 21:42:47 GMT
                                                      Connection: close
                                                      2025-01-14 21:42:47 UTC16384INData Raw: 67 e1 ad 17 c6 d0 c7 a8 f8 c3 48 d7 2c bc 66 ce 92 c3 22 5f 6a 1e 4d cc 72 ff 00 d3 25 fb 9e 60 fe 15 6a c9 f0 8f 89 2f 35 2f 12 69 c9 e2 6d 37 c3 53 36 9a fb ee 92 fa 3d 97 7a 6c 51 e7 21 9f 85 52 5b b3 1f 9a a4 93 44 f0 ac 7a 26 fb 59 7c 44 9a 4e 9f 3e c9 2f 6e ee 22 7b 1d bc 7f cb 18 f0 db 59 be 55 27 ad 76 37 9f 10 3c 2b ff 00 08 ff 00 f6 87 84 ac 74 14 ff 00 42 68 6f 6d 6f a3 ff 00 89 be e5 ff 00 96 9b 9f f7 5b 49 fb 83 e6 db 5f 37 4f 2d 8e 61 cf 57 0d 4d 2e 97 da df 99 dd 19 54 a7 f1 f4 31 fc 38 9a 97 8a ad 5e e2 df c4 3e 19 fd f4 ec 8f 3c 11 cb f6 b8 d9 be 72 f2 37 ca ab b5 7e ea 37 4f e1 af 48 f0 bd b4 be 04 d2 6f 6e 34 af 8a 57 9b 75 2b 27 b7 78 52 2b 7f b3 c7 fc 2a ec d2 2e e5 7c fb d7 11 e2 08 35 5f 19 6b 56 36 f7 1a 1d e3 ad d5 94 09 bf 46 b6
                                                      Data Ascii: gH,f"_jMr%`j/5/im7S6=zlQ!R[Dz&Y|DN>/n"{YU'v7<+tBhomo[I_7O-aWM.T18^><r7~7OHon4Wu+'xR+*.|5_kV6F
                                                      2025-01-14 21:42:47 UTC16384INData Raw: b6 3c 33 b7 b6 df e2 ff 00 7b e6 a8 a4 d3 7c 53 24 b0 69 b7 3a 46 85 7b 69 bf e4 7b 1f b9 1a ed fb ef fc 51 b6 6b 2a ff 00 52 b3 f0 ad ec f1 7f 64 49 0b c6 9b 1f f7 71 7d 9e d1 1b f8 5a 3f f9 6a cd fd f1 5d 28 d4 35 58 6d ee ac b4 0b a9 26 d4 e4 82 37 78 2d 37 db bc 71 7d ed d2 86 5d ad 8f 4a e4 a9 19 45 fb 44 ae 9e cd fe 65 47 b1 52 1f 0f d9 e9 36 d7 57 ba 15 cd ed 93 5d 26 cb ab ab e9 11 ff 00 7b 1f cd f5 5a e6 ee 5b c4 33 6b 7a 6f 95 ab c9 74 ee 9b fe cb 1c 9f 3f 95 fc 47 e6 e3 9a e8 3c 67 e1 db 6d 63 48 ba b7 48 b4 e7 b8 7f 9e 79 e3 bd f9 f7 b7 dd f2 76 7f e8 0c 2b 07 c3 7f 0f d3 4f b6 f3 75 5d 32 f6 f5 dd 3e 47 8e e1 d2 1f fb e3 8d d5 be 16 a5 39 53 75 6a ce f2 f4 09 73 47 dd 25 9b fd 2b 5a 9e ff 00 58 b1 bd d3 e2 44 d9 03 cf 71 2a 43 3f fb f8 fe 2f
                                                      Data Ascii: <3{|S$i:F{i{Qk*RdIq}Z?j](5Xm&7x-7q}]JEDeGR6W]&{Z[3kzot?G<gmcHHyv+Ou]2>G9SujsG%+ZXDq*C?/
                                                      2025-01-14 21:42:47 UTC16067INData Raw: 3c bc df 13 4b ee 23 98 d4 ff 00 84 6e c2 fb fe 26 11 4b 70 e8 f0 6f 92 ca 09 17 66 ce bf 72 ac 5c ea 50 d8 cb f6 89 7f b5 6e b5 07 8d 76 24 96 e8 fe 5f f7 7f 2f e5 58 36 ba 0f 89 cd f6 d4 d4 a4 87 ed 4f be 78 e0 91 3f 76 bd 7e 59 2b a2 b3 85 34 db 94 d4 35 bf ed 5b dd 43 7f c8 89 26 cf 2f fd f6 fe ef ad 67 52 a7 2c b4 9f 3f 64 1f 22 8c d7 6b 0f 97 77 2d 8c 7a b4 b3 7c ef a7 7d f4 9e 26 fb 8d 9f 6f 61 f2 d6 b6 8f 79 aa de 69 a9 71 7b 6b f6 54 df fb fb 58 fe 4f 33 f8 b7 3b 75 ad 0f ed ef b2 e9 31 dd 5b d8 fd 99 1e 4d f3 a3 ed 7f f8 1a ba fd d6 fa 1c 1a c6 d5 6c 6c ee 06 ff 00 11 6a 57 17 57 72 7c fb ed 3f d4 c7 bb fb ff 00 de 6a e4 a9 53 9a 3c b3 8f 5f 56 51 b7 e2 ad 62 c2 ea c6 0d 3e de da ca e9 e1 db bf ec 32 6c 44 4e ab ee 95 8b a5 e8 ba ad fd cc 7a 95
                                                      Data Ascii: <K#n&Kpofr\Pnv$_/X6Ox?v~Y+45[C&/gR,?d"kw-z|}&oayiq{kTXO3;u1[MlljWWr|?jS<_VQb>2lDNz
                                                      2025-01-14 21:42:47 UTC16384INData Raw: 26 57 4d 9f bb 91 ad d2 e3 f8 bf 79 16 7e 5a 6a f8 92 6d 1e 4b a8 a5 b1 d4 2d 7c 98 37 f9 d0 79 48 96 88 dd 95 e3 e5 19 7a f3 5c f6 bd af 3a cd 7b 7b 71 e1 2b 7d 3e 5b 97 ff 00 42 7d 57 7a 43 7e bf ed 6f f9 b9 eb f2 f3 59 29 af de 5f 5e 5d 3d ed ad e6 ad 6f a8 79 49 b1 ed f6 5a 58 44 bf f4 cd 3e 59 d7 3f c5 bb 77 b5 74 d2 c0 d6 ab 14 ea ea 97 9f e4 4c aa 46 3b 1b 57 9e 25 b9 d6 34 99 ee 6d 6f b5 0d 41 2d 7e 4f ed 77 8d 52 1f fb 78 bb fe 26 1f c3 b3 75 4f a3 f8 96 db 5c b7 dd a8 49 f6 a7 4f 91 ee a7 b7 6b 7b 49 11 7a b3 dc f0 fb 3f 11 9e 95 ce 27 8b 34 ab 89 23 d3 74 7d 36 f2 1b 7b 3f b9 3d f5 e2 c5 a5 c8 bf df 78 d3 e5 4f f7 7f ad 6c f8 83 4d b3 d6 b4 d8 2c ad fe db 75 35 d6 d8 6c a0 fe d1 d9 63 f2 ff 00 cf 28 d3 8f 2b f5 ad e7 87 a5 0f 8e 2e 3d 9f f9 91
                                                      Data Ascii: &WMy~ZjmK-|7yHz\:{{q+}>[B}WzC~oY)_^]=oyIZXD>Y?wtLF;W%4moA-~OwRx&uO\IOk{Iz?'4#t}6{?=xOlM,u5lc(+.=
                                                      2025-01-14 21:42:47 UTC16384INData Raw: 26 44 e3 fe 05 5d 77 8a b5 4f f8 46 74 5b 59 ad 64 8e d7 7a 7d 9a 7b df 33 ce b8 83 fb c6 3d aa db 9f fd ad b5 f0 38 ec d5 d6 c5 2e 55 7d 7b ff 00 5f 81 f4 b4 30 dc 94 cf 39 d3 fc 17 e4 5c c2 ff 00 66 91 f5 29 3e 78 34 fd 3a dd bc a9 15 97 e5 8d 76 b6 c5 51 de bb 28 67 d7 6f 2e 61 b6 d4 a5 b3 d3 34 7b 27 6f ed a7 8c 2f fa 03 6c 1b 23 5f 39 57 af 43 83 f4 ab 90 78 b9 c6 83 7d fd 97 1c 68 db db ed ba 8d d5 bb 5b fc cc a3 88 a3 8d 7f 7d 23 77 2a 00 a6 ea 56 7a 76 9b f6 59 75 5f 02 eb 37 3a 94 31 ff 00 a2 fd aa 35 b8 fb 47 fb 0b bb f7 70 c4 1b e6 e7 e6 af 26 75 eb 54 a9 fb f8 dd f4 fe bf ae fb 1d 11 8c 7e c9 87 e0 5b 0f 0d 78 7e e2 ea e3 c0 d6 da c7 9d ac ee f2 27 be b7 6b 7b 79 11 9f e7 48 37 b1 f3 3d ea d1 9a 49 a3 ba d3 6e 74 eb 94 d2 b4 db d5 b4 bd b5 f3
                                                      Data Ascii: &D]wOFt[Ydz}{3=8.U}{_09\f)>x4:vQ(go.a4{'o/l#_9WCx}h[}#w*VzvYu_7:15Gp&uT~[x~'k{yH7=Int


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      2 | 192.168.2.6 | 50145 | 150.171.28.10 | 443 | |
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      2025-01-14 21:42:47 UTC | 346 | OUT | GET /th?id=OADD2.10239381210195_1GJ8WP9CBLTF1DARK&pid=21.2&c=3&w=1920&h=1080&dynsize=1&qlt=90 HTTP/1.1
                                                      Accept: */*
                                                      Accept-Encoding: gzip, deflate, br
                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
                                                      Host: tse1.mm.bing.net
                                                      Connection: Keep-Alive
                                                      2025-01-14 21:42:47 UTC | 854 | IN | HTTP/1.1 200 OK
                                                      Cache-Control: public, max-age=2592000
                                                      Content-Length: 859678
                                                      Content-Type: image/jpeg
                                                      X-Cache: TCP_HIT
                                                      Access-Control-Allow-Origin: *
                                                      Access-Control-Allow-Headers: *
                                                      Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                      Timing-Allow-Origin: *
                                                      Report-To: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
                                                      NEL: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                      X-MSEdge-Ref: Ref A: 8DBEB04994F14646ADDF68767F2A330A Ref B: EWR30EDGE0110 Ref C: 2025-01-14T21:42:47Z
                                                      Date: Tue, 14 Jan 2025 21:42:46 GMT
                                                      Connection: close


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      3 | 192.168.2.6 | 50149 | 150.171.28.10 | 443 | |
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      2025-01-14 21:42:47 UTC | 346 | OUT | GET /th?id=OADD2.10239381210196_1HI6M19EKP2WF4L1Q&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/1.1
                                                      Accept: */*
                                                      Accept-Encoding: gzip, deflate, br
                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
                                                      Host: tse1.mm.bing.net
                                                      Connection: Keep-Alive
                                                      2025-01-14 21:42:47 UTC | 854 | IN | HTTP/1.1 200 OK
                                                      Cache-Control: public, max-age=2592000
                                                      Content-Length: 902927
                                                      Content-Type: image/jpeg
                                                      X-Cache: TCP_HIT
                                                      Access-Control-Allow-Origin: *
                                                      Access-Control-Allow-Headers: *
                                                      Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                      Timing-Allow-Origin: *
                                                      Report-To: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
                                                      NEL: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                      X-MSEdge-Ref: Ref A: 4541F9F8337648968FF40B23B5C3A4EB Ref B: EWR30EDGE0209 Ref C: 2025-01-14T21:42:47Z
                                                      Date: Tue, 14 Jan 2025 21:42:47 GMT
                                                      Connection: close


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      4 | 192.168.2.6 | 50163 | 150.171.28.10 | 443 | |
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      2025-01-14 21:42:48 UTC | 375 | OUT | GET /th?id=OADD2.10239356819466_1PN1118HHI92HRAXE&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/1.1
                                                      Accept: */*
                                                      Accept-Encoding: gzip, deflate, br
                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
                                                      Host: tse1.mm.bing.net
                                                      Connection: Keep-Alive
                                                      Timestamp: 2025-01-14 21:42:48 UTC | Bytes transferred: 856 | Direction: IN | Data:
                                                      HTTP/1.1 200 OK
                                                      Cache-Control: public, max-age=2592000
                                                      Content-Length: 978255
                                                      Content-Type: image/jpeg
                                                      X-Cache: TCP_HIT
                                                      Access-Control-Allow-Origin: *
                                                      Access-Control-Allow-Headers: *
                                                      Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                      Timing-Allow-Origin: *
                                                      Report-To: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
                                                      NEL: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                      X-MSEdge-Ref: Ref A: 8D1365BA960949B0871D360E0231079D Ref B: EWR311000105045 Ref C: 2025-01-14T21:42:48Z
                                                      Date: Tue, 14 Jan 2025 21:42:47 GMT
                                                      Connection: close


                                                      Session ID: 5 | Source IP: 192.168.2.6 | Source Port: 50183 | Destination IP: 150.171.28.10 | Destination Port: 443
                                                      Timestamp: 2025-01-14 21:42:49 UTC | Bytes transferred: 346 | Direction: OUT | Data:
                                                      GET /th?id=OADD2.10239356819467_11XRGHD2R08E7TNPP&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/1.1
                                                      Accept: */*
                                                      Accept-Encoding: gzip, deflate, br
                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
                                                      Host: tse1.mm.bing.net
                                                      Connection: Keep-Alive
                                                      Timestamp: 2025-01-14 21:42:49 UTC | Bytes transferred: 854 | Direction: IN | Data:
                                                      HTTP/1.1 200 OK
                                                      Cache-Control: public, max-age=2592000
                                                      Content-Length: 885276
                                                      Content-Type: image/jpeg
                                                      X-Cache: TCP_HIT
                                                      Access-Control-Allow-Origin: *
                                                      Access-Control-Allow-Headers: *
                                                      Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                      Timing-Allow-Origin: *
                                                      Report-To: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
                                                      NEL: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                      X-MSEdge-Ref: Ref A: AF93BFC178B444F1AAA59C0332F66CB7 Ref B: EWR30EDGE0311 Ref C: 2025-01-14T21:42:49Z
                                                      Date: Tue, 14 Jan 2025 21:42:49 GMT
                                                      Connection: close



                                                      Target ID:0
                                                      Start time:16:42:21
                                                      Start date:14/01/2025
                                                      Path:C:\Windows\System32\loaddll32.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:loaddll32.exe "C:\Users\user\Desktop\19MgUpI9tj.dll"
                                                      Imagebase:0xa90000
                                                      File size:126'464 bytes
                                                      MD5 hash:51E6071F9CBA48E79F10C84515AAE618
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Reputation:high
                                                      Has exited:true

                                                      Target ID:1
                                                      Start time:16:42:21
                                                      Start date:14/01/2025
                                                      Path:C:\Windows\System32\conhost.exe
                                                      Wow64 process (32bit):false
                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                      Imagebase:0x7ff66e660000
                                                      File size:862'208 bytes
                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Reputation:high
                                                      Has exited:true

                                                      Target ID:3
                                                      Start time:16:42:21
                                                      Start date:14/01/2025
                                                      Path:C:\Windows\SysWOW64\cmd.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:cmd.exe /C rundll32.exe "C:\Users\user\Desktop\19MgUpI9tj.dll",#1
                                                      Imagebase:0x1c0000
                                                      File size:236'544 bytes
                                                      MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Reputation:high
                                                      Has exited:true

                                                      Target ID:4
                                                      Start time:16:42:21
                                                      Start date:14/01/2025
                                                      Path:C:\Windows\SysWOW64\rundll32.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:rundll32.exe C:\Users\user\Desktop\19MgUpI9tj.dll,PlayGame
                                                      Imagebase:0x2e0000
                                                      File size:61'440 bytes
                                                      MD5 hash:889B99C52A60DD49227C5E485A016679
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Reputation:high
                                                      Has exited:true

                                                      Target ID:5
                                                      Start time:16:42:21
                                                      Start date:14/01/2025
                                                      Path:C:\Windows\SysWOW64\rundll32.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:rundll32.exe "C:\Users\user\Desktop\19MgUpI9tj.dll",#1
                                                      Imagebase:0x2e0000
                                                      File size:61'440 bytes
                                                      MD5 hash:889B99C52A60DD49227C5E485A016679
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Reputation:high
                                                      Has exited:true

                                                      Target ID:6
                                                      Start time:16:42:21
                                                      Start date:14/01/2025
                                                      Path:C:\Windows\mssecsvr.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:C:\WINDOWS\mssecsvr.exe
                                                      Imagebase:0x400000
                                                      File size:2'281'472 bytes
                                                      MD5 hash:0F00DC99F94FDCA3721D0692B2ACACCD
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Yara matches:
                                                      • Rule: JoeSecurity_Wannacry, Description: Yara detected Wannacry ransomware, Source: 00000006.00000002.2312294141.000000000040F000.00000008.00000001.01000000.00000004.sdmp, Author: Joe Security
                                                      • Rule: JoeSecurity_Wannacry, Description: Yara detected Wannacry ransomware, Source: 00000006.00000000.2277734056.000000000040F000.00000008.00000001.01000000.00000004.sdmp, Author: Joe Security
                                                      Reputation:low
                                                      Has exited:true

                                                      Target ID:7
                                                      Start time:16:42:23
                                                      Start date:14/01/2025
                                                      Path:C:\Windows\mssecsvr.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:C:\WINDOWS\mssecsvr.exe -m security
                                                      Imagebase:0x400000
                                                      File size:2'281'472 bytes
                                                      MD5 hash:0F00DC99F94FDCA3721D0692B2ACACCD
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Yara matches:
                                                      • Rule: JoeSecurity_Wannacry, Description: Yara detected Wannacry ransomware, Source: 00000007.00000000.2298949113.000000000040F000.00000008.00000001.01000000.00000004.sdmp, Author: Joe Security
                                                      • Rule: JoeSecurity_Wannacry, Description: Yara detected Wannacry ransomware, Source: 00000007.00000002.2952105140.000000000042E000.00000004.00000001.01000000.00000004.sdmp, Author: Joe Security
                                                      • Rule: JoeSecurity_Wannacry, Description: Yara detected Wannacry ransomware, Source: 00000007.00000002.2953238481.0000000002282000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                      • Rule: JoeSecurity_Wannacry, Description: Yara detected Wannacry ransomware, Source: 00000007.00000002.2953037861.0000000001D62000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                      Reputation:low
                                                      Has exited:true

                                                      Target ID:8
                                                      Start time:16:42:24
                                                      Start date:14/01/2025
                                                      Path:C:\Windows\SysWOW64\rundll32.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:rundll32.exe "C:\Users\user\Desktop\19MgUpI9tj.dll",PlayGame
                                                      Imagebase:0x2e0000
                                                      File size:61'440 bytes
                                                      MD5 hash:889B99C52A60DD49227C5E485A016679
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Reputation:high
                                                      Has exited:true

                                                      Target ID:9
                                                      Start time:16:42:24
                                                      Start date:14/01/2025
                                                      Path:C:\Windows\mssecsvr.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:C:\WINDOWS\mssecsvr.exe
                                                      Imagebase:0x400000
                                                      File size:2'281'472 bytes
                                                      MD5 hash:0F00DC99F94FDCA3721D0692B2ACACCD
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Yara matches:
                                                      • Rule: JoeSecurity_Wannacry, Description: Yara detected Wannacry ransomware, Source: 00000009.00000002.2320921135.000000000040F000.00000008.00000001.01000000.00000004.sdmp, Author: Joe Security
                                                      • Rule: JoeSecurity_Wannacry, Description: Yara detected Wannacry ransomware, Source: 00000009.00000000.2306667451.000000000040F000.00000008.00000001.01000000.00000004.sdmp, Author: Joe Security
                                                      Reputation:low
                                                      Has exited:true

                                                      Target ID:10
                                                      Start time:16:42:25
                                                      Start date:14/01/2025
                                                      Path:C:\Windows\tasksche.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:C:\WINDOWS\tasksche.exe /i
                                                      Imagebase:0x400000
                                                      File size:2'061'938 bytes
                                                      MD5 hash:E2105F086EAB75BD8CDD2B6975E9CE80
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Antivirus matches:
                                                      • Detection: 38%, ReversingLabs
                                                      Reputation:low
                                                      Has exited:true

                                                      Target ID:11
                                                      Start time:16:42:25
                                                      Start date:14/01/2025
                                                      Path:C:\Windows\System32\svchost.exe
                                                      Wow64 process (32bit):false
                                                      Commandline:C:\Windows\System32\svchost.exe -k WerSvcGroup
                                                      Imagebase:0x7ff7403e0000
                                                      File size:55'320 bytes
                                                      MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Reputation:high
                                                      Has exited:false

                                                      Target ID:12
                                                      Start time:16:42:25
                                                      Start date:14/01/2025
                                                      Path:C:\Windows\SysWOW64\WerFault.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 64 -ip 64
                                                      Imagebase:0x640000
                                                      File size:483'680 bytes
                                                      MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Reputation:high
                                                      Has exited:true

                                                      Target ID:13
                                                      Start time:16:42:25
                                                      Start date:14/01/2025
                                                      Path:C:\Windows\SysWOW64\WerFault.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 64 -s 224
                                                      Imagebase:0x640000
                                                      File size:483'680 bytes
                                                      MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Reputation:high
                                                      Has exited:true

                                                      Target ID:14
                                                      Start time:16:42:26
                                                      Start date:14/01/2025
                                                      Path:C:\Windows\tasksche.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:C:\WINDOWS\tasksche.exe /i
                                                      Imagebase:0x400000
                                                      File size:2'061'938 bytes
                                                      MD5 hash:E2105F086EAB75BD8CDD2B6975E9CE80
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Has exited:true

                                                      Target ID:15
                                                      Start time:16:42:26
                                                      Start date:14/01/2025
                                                      Path:C:\Windows\SysWOW64\WerFault.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 1112 -ip 1112
                                                      Imagebase:0x640000
                                                      File size:483'680 bytes
                                                      MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Has exited:true

                                                      Target ID:16
                                                      Start time:16:42:26
                                                      Start date:14/01/2025
                                                      Path:C:\Windows\SysWOW64\WerFault.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 64 -ip 64
                                                      Imagebase:0x640000
                                                      File size:483'680 bytes
                                                      MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Has exited:true

                                                      Target ID:17
                                                      Start time:16:42:26
                                                      Start date:14/01/2025
                                                      Path:C:\Windows\SysWOW64\WerFault.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 1112 -s 196
                                                      Imagebase:0x640000
                                                      File size:483'680 bytes
                                                      MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Has exited:true

                                                      Target ID:18
                                                      Start time:16:42:27
                                                      Start date:14/01/2025
                                                      Path:C:\Windows\SysWOW64\WerFault.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 64 -s 228
                                                      Imagebase:0x640000
                                                      File size:483'680 bytes
                                                      MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Has exited:true

                                                      Target ID:19
                                                      Start time:16:42:27
                                                      Start date:14/01/2025
                                                      Path:C:\Windows\SysWOW64\WerFault.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:C:\Windows\SysWOW64\WerFault.exe -pss -s 476 -p 1112 -ip 1112
                                                      Imagebase:0x640000
                                                      File size:483'680 bytes
                                                      MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Has exited:true

                                                      Target ID:20
                                                      Start time:16:42:27
                                                      Start date:14/01/2025
                                                      Path:C:\Windows\SysWOW64\WerFault.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 1112 -s 200
                                                      Imagebase:0x640000
                                                      File size:483'680 bytes
                                                      MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Has exited:true

                                                      Target ID:31
                                                      Start time:16:43:18
                                                      Start date:14/01/2025
                                                      Path:C:\Windows\System32\svchost.exe
                                                      Wow64 process (32bit):false
                                                      Commandline:C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
                                                      Imagebase:0x7ff7403e0000
                                                      File size:55'320 bytes
                                                      MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Has exited:false

                                                        Execution Graph

                                                        Execution Coverage:71.7%
                                                        Dynamic/Decrypted Code Coverage:0%
                                                        Signature Coverage:63.2%
                                                        Total number of Nodes:38
                                                        Total number of Limit Nodes:9

                                                        Callgraph

                                                        Control-flow Graph

                                                        APIs
                                                        • GetModuleHandleW.KERNEL32(kernel32.dll,00000000,6F7F0EF0,?,00000000), ref: 00407CEF
                                                        • GetProcAddress.KERNEL32(00000000,CreateProcessA), ref: 00407D0D
                                                        • GetProcAddress.KERNEL32(00000000,CreateFileA), ref: 00407D1A
                                                        • GetProcAddress.KERNEL32(00000000,WriteFile), ref: 00407D27
                                                        • GetProcAddress.KERNEL32(00000000,CloseHandle), ref: 00407D34
                                                        • FindResourceA.KERNEL32(00000000,00000727,0043137C), ref: 00407D74
                                                        • LoadResource.KERNEL32(00000000,00000000,?,00000000), ref: 00407D86
                                                        • LockResource.KERNEL32(00000000,?,00000000), ref: 00407D95
                                                        • SizeofResource.KERNEL32(00000000,00000000,?,00000000), ref: 00407DA9
                                                        • sprintf.MSVCRT ref: 00407E01
                                                        • sprintf.MSVCRT ref: 00407E18
                                                        • MoveFileExA.KERNEL32(?,?,00000001(MOVEFILE_REPLACE_EXISTING)), ref: 00407E2C
                                                        • CreateFileA.KERNELBASE(?,40000000,00000000,00000000,00000002,00000004,00000000), ref: 00407E43
                                                        • WriteFile.KERNELBASE(00000000,?,00000000,?,00000000), ref: 00407E61
                                                        • CloseHandle.KERNELBASE(00000000), ref: 00407E68
                                                        • CreateProcessA.KERNELBASE ref: 00407EE8
                                                        • CloseHandle.KERNEL32(00000000), ref: 00407EF7
                                                        • CloseHandle.KERNEL32(08000000), ref: 00407F02
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000006.00000002.2312254566.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000006.00000002.2312236744.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                        • Associated: 00000006.00000002.2312275335.000000000040A000.00000002.00000001.01000000.00000004.sdmp
                                                        • Associated: 00000006.00000002.2312294141.000000000040B000.00000008.00000001.01000000.00000004.sdmp
                                                        • Associated: 00000006.00000002.2312294141.000000000040F000.00000008.00000001.01000000.00000004.sdmp
                                                        • Associated: 00000006.00000002.2312351881.0000000000431000.00000004.00000001.01000000.00000004.sdmp
                                                        • Associated: 00000006.00000002.2312461916.0000000000710000.00000002.00000001.01000000.00000004.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_6_2_400000_mssecsvr.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID: AddressHandleProcResource$CloseFile$Createsprintf$FindLoadLockModuleMoveProcessSizeofWrite
                                                        • String ID: /i$C:\%s\%s$C:\%s\qeriuwjhrf$CloseHandle$CreateFileA$CreateProcessA$D$WINDOWS$WriteFile$kernel32.dll$tasksche.exe
                                                        • API String ID: 4281112323-1507730452
                                                        • Opcode ID: fb819ea0bbfac7cba45177718834bfaea6ecb5a57a4692884010a03d6946efb9
                                                        • Instruction ID: 13a48b3e7e70fc1f7524b3ea2ca00aec236584d0bbebcf852995d03268f4a9c8
                                                        • Opcode Fuzzy Hash: fb819ea0bbfac7cba45177718834bfaea6ecb5a57a4692884010a03d6946efb9
                                                        • Instruction Fuzzy Hash: B15197715043496FE7109F74DC84AAB7B98EB88354F14493EF651A32E0DA7898088BAA

                                                        Control-flow Graph

                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000006.00000002.2312254566.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000006.00000002.2312236744.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                        • Associated: 00000006.00000002.2312275335.000000000040A000.00000002.00000001.01000000.00000004.sdmp
                                                        • Associated: 00000006.00000002.2312294141.000000000040B000.00000008.00000001.01000000.00000004.sdmp
                                                        • Associated: 00000006.00000002.2312294141.000000000040F000.00000008.00000001.01000000.00000004.sdmp
                                                        • Associated: 00000006.00000002.2312351881.0000000000431000.00000004.00000001.01000000.00000004.sdmp
                                                        • Associated: 00000006.00000002.2312461916.0000000000710000.00000002.00000001.01000000.00000004.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_6_2_400000_mssecsvr.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID: _initterm$FilterHandleInfoModuleStartupXcpt__getmainargs__p__commode__p__fmode__set_app_type__setusermatherrexit
                                                        • String ID:
                                                        • API String ID: 801014965-0
                                                        • Opcode ID: e3007c8091b935f0f6e9b16d849c1c27a397ab206965397834d54df9927598b6
                                                        • Instruction ID: f220c78e044b43db95b39954543cb8470338bddc8e57b6bf74c51ec52977e19a
                                                        • Opcode Fuzzy Hash: e3007c8091b935f0f6e9b16d849c1c27a397ab206965397834d54df9927598b6
                                                        • Instruction Fuzzy Hash: AF415E71800348EFDB24DFA4ED45AAA7BB8FB09720F20413BE451A72D2D7786841CB59

                                                        Control-flow Graph

                                                        APIs
                                                        • InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 0040817B
                                                        • InternetOpenUrlA.WININET(00000000,00000000,00000000,00000000,84000000,00000000), ref: 00408194
                                                        • InternetCloseHandle.WININET(00000000), ref: 004081A7
                                                        • InternetCloseHandle.WININET(00000000), ref: 004081AB
                                                          • Part of subcall function 00408090: GetModuleFileNameA.KERNEL32(00000000,0070F760,00000104,?,004081B2), ref: 0040809F
                                                          • Part of subcall function 00408090: __p___argc.MSVCRT ref: 004080A5
                                                        Strings
                                                        • http://www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com, xrefs: 0040814A
                                                        Memory Dump Source
                                                        • Source File: 00000006.00000002.2312254566.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000006.00000002.2312236744.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                        • Associated: 00000006.00000002.2312275335.000000000040A000.00000002.00000001.01000000.00000004.sdmp
                                                        • Associated: 00000006.00000002.2312294141.000000000040B000.00000008.00000001.01000000.00000004.sdmp
                                                        • Associated: 00000006.00000002.2312294141.000000000040F000.00000008.00000001.01000000.00000004.sdmp
                                                        • Associated: 00000006.00000002.2312351881.0000000000431000.00000004.00000001.01000000.00000004.sdmp
                                                        • Associated: 00000006.00000002.2312461916.0000000000710000.00000002.00000001.01000000.00000004.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_6_2_400000_mssecsvr.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID: Internet$CloseHandleOpen$FileModuleName__p___argc
                                                        • String ID: http://www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com
                                                        • API String ID: 774561529-2614457033
                                                        • Opcode ID: 0bbc0dabe610ff42f1f9ad6e85cc21407dd9b1b68127969cd029bea3a518856a
                                                        • Instruction ID: 3b8a91e0baa4f3639afdb349cfc438007093f0a6557163af6b5eb03d237fc32a
                                                        • Opcode Fuzzy Hash: 0bbc0dabe610ff42f1f9ad6e85cc21407dd9b1b68127969cd029bea3a518856a
                                                        • Instruction Fuzzy Hash: B3018671548310AEE310DF748D01B6B7BE9EF85710F01082EF984F72C0EAB59804876B

                                                        Control-flow Graph

                                                        APIs
                                                        • sprintf.MSVCRT ref: 00407C56
                                                        • OpenSCManagerA.ADVAPI32(00000000,00000000,000F003F), ref: 00407C68
                                                        • CreateServiceA.ADVAPI32(00000000,mssecsvc2.1,Microsoft Security Center (2.1) Service,000F01FF,00000010,00000002,00000001,?,00000000,00000000,00000000,00000000,00000000,6F7F0EF0,00000000), ref: 00407C9B
                                                        • StartServiceA.ADVAPI32(00000000,00000000,00000000), ref: 00407CB2
                                                        • CloseServiceHandle.ADVAPI32(00000000), ref: 00407CB9
                                                        • CloseServiceHandle.ADVAPI32(00000000), ref: 00407CBC
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000006.00000002.2312254566.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_6_2_400000_mssecsvr.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID: Service$CloseHandle$CreateManagerOpenStartsprintf
                                                        • String ID: %s -m security$Microsoft Security Center (2.1) Service$mssecsvc2.1
                                                        • API String ID: 3340711343-2450984573
                                                        • Opcode ID: c3592d809756ac94f014d34e1e4fa0c14de5620095203194e3f9233ad68c92ee
                                                        • Instruction ID: 2288e5cc66680fabefb91112cf05624c6df81315eb9d87428618c258e2ee617f
                                                        • Opcode Fuzzy Hash: c3592d809756ac94f014d34e1e4fa0c14de5620095203194e3f9233ad68c92ee
                                                        • Instruction Fuzzy Hash: AD01D1717C43043BF2305B149D8BFEB3658AB84F01F500025FB44B92D0DAF9A81491AF

                                                        Control-flow Graph

                                                        APIs
                                                        • GetModuleFileNameA.KERNEL32(00000000,0070F760,00000104,?,004081B2), ref: 0040809F
                                                        • __p___argc.MSVCRT ref: 004080A5
                                                        • OpenSCManagerA.ADVAPI32(00000000,00000000,000F003F,00000000,?,004081B2), ref: 004080C3
                                                        • OpenServiceA.ADVAPI32(00000000,mssecsvc2.1,000F01FF,6F7F0EF0,00000000,?,004081B2), ref: 004080DC
                                                        • CloseServiceHandle.ADVAPI32(00000000,?,?,?,004081B2), ref: 004080FA
                                                        • CloseServiceHandle.ADVAPI32(00000000,?,004081B2), ref: 004080FD
                                                        • StartServiceCtrlDispatcherA.ADVAPI32(?,?,?), ref: 00408126
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000006.00000002.2312254566.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_6_2_400000_mssecsvr.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID: Service$CloseHandleOpen$CtrlDispatcherFileManagerModuleNameStart__p___argc
                                                        • String ID: mssecsvc2.1
                                                        • API String ID: 4274534310-2839763450
                                                        • Opcode ID: 14f2d0f9cf239aa653f070f930b60ae04978eb0b591616557438e437b3700a6a
                                                        • Instruction ID: 0eddf8d8cc97b5ba853ece0b0f9ce4fe0dc31dc3004373c78c05f92e851b2f94
                                                        • Opcode Fuzzy Hash: 14f2d0f9cf239aa653f070f930b60ae04978eb0b591616557438e437b3700a6a
                                                        • Instruction Fuzzy Hash: 4A014775640315BBE3117F149E4AF6F3AA4EF80B19F404429F544762D2DFB888188AAF

                                                        Execution Graph

                                                        Execution Coverage:34.8%
                                                        Dynamic/Decrypted Code Coverage:0%
                                                        Signature Coverage:0%
                                                        Total number of Nodes:36
                                                        Total number of Limit Nodes:2

                                                        Callgraph

                                                        Control-flow Graph

                                                        APIs
                                                        • GetModuleFileNameA.KERNEL32(00000000,0070F760,00000104,?,004081B2), ref: 0040809F
                                                        • __p___argc.MSVCRT ref: 004080A5
                                                        • OpenSCManagerA.ADVAPI32(00000000,00000000,000F003F,00000000,?,004081B2), ref: 004080C3
                                                        • OpenServiceA.ADVAPI32(00000000,mssecsvc2.1,000F01FF,6F7F0EF0,00000000,?,004081B2), ref: 004080DC
                                                        • CloseServiceHandle.ADVAPI32(00000000,?,?,?,004081B2), ref: 004080FA
                                                        • CloseServiceHandle.ADVAPI32(00000000,?,004081B2), ref: 004080FD
                                                        • StartServiceCtrlDispatcherA.ADVAPI32(?,?,?), ref: 00408126
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000007.00000002.2952019098.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_7_2_400000_mssecsvr.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID: Service$CloseHandleOpen$CtrlDispatcherFileManagerModuleNameStart__p___argc
                                                        • String ID: mssecsvc2.1
                                                        • API String ID: 4274534310-2839763450
                                                        • Opcode ID: 14f2d0f9cf239aa653f070f930b60ae04978eb0b591616557438e437b3700a6a
                                                        • Instruction ID: 0eddf8d8cc97b5ba853ece0b0f9ce4fe0dc31dc3004373c78c05f92e851b2f94
                                                        • Opcode Fuzzy Hash: 14f2d0f9cf239aa653f070f930b60ae04978eb0b591616557438e437b3700a6a
                                                        • Instruction Fuzzy Hash: 4A014775640315BBE3117F149E4AF6F3AA4EF80B19F404429F544762D2DFB888188AAF

                                                        Control-flow Graph

                                                        APIs
                                                        • InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 0040817B
                                                        • InternetOpenUrlA.WININET(00000000,00000000,00000000,00000000,84000000,00000000), ref: 00408194
                                                        • InternetCloseHandle.WININET(00000000), ref: 004081A7
                                                        • InternetCloseHandle.WININET(00000000), ref: 004081AB
                                                          • Part of subcall function 00408090: GetModuleFileNameA.KERNEL32(00000000,0070F760,00000104,?,004081B2), ref: 0040809F
                                                          • Part of subcall function 00408090: __p___argc.MSVCRT ref: 004080A5
                                                        Strings
                                                        • http://www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com, xrefs: 0040814A
                                                        Memory Dump Source
                                                        • Source File: 00000007.00000002.2952019098.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_7_2_400000_mssecsvr.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID: Internet$CloseHandleOpen$FileModuleName__p___argc
                                                        • String ID: http://www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com
                                                        • API String ID: 774561529-2614457033
                                                        • Opcode ID: 0bbc0dabe610ff42f1f9ad6e85cc21407dd9b1b68127969cd029bea3a518856a
                                                        • Instruction ID: 3b8a91e0baa4f3639afdb349cfc438007093f0a6557163af6b5eb03d237fc32a
                                                        • Opcode Fuzzy Hash: 0bbc0dabe610ff42f1f9ad6e85cc21407dd9b1b68127969cd029bea3a518856a
                                                        • Instruction Fuzzy Hash: B3018671548310AEE310DF748D01B6B7BE9EF85710F01082EF984F72C0EAB59804876B

                                                        Control-flow Graph

                                                        APIs
                                                        • sprintf.MSVCRT ref: 00407C56
                                                        • OpenSCManagerA.ADVAPI32(00000000,00000000,000F003F), ref: 00407C68
                                                        • CreateServiceA.ADVAPI32(00000000,mssecsvc2.1,Microsoft Security Center (2.1) Service,000F01FF,00000010,00000002,00000001,?,00000000,00000000,00000000,00000000,00000000,6F7F0EF0,00000000), ref: 00407C9B
                                                        • StartServiceA.ADVAPI32(00000000,00000000,00000000), ref: 00407CB2
                                                        • CloseServiceHandle.ADVAPI32(00000000), ref: 00407CB9
                                                        • CloseServiceHandle.ADVAPI32(00000000), ref: 00407CBC
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000007.00000002.2952019098.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_7_2_400000_mssecsvr.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID: Service$CloseHandle$CreateManagerOpenStartsprintf
                                                        • String ID: %s -m security$Microsoft Security Center (2.1) Service$mssecsvc2.1
                                                        • API String ID: 3340711343-2450984573
                                                        • Opcode ID: c3592d809756ac94f014d34e1e4fa0c14de5620095203194e3f9233ad68c92ee
                                                        • Instruction ID: 2288e5cc66680fabefb91112cf05624c6df81315eb9d87428618c258e2ee617f
                                                        • Opcode Fuzzy Hash: c3592d809756ac94f014d34e1e4fa0c14de5620095203194e3f9233ad68c92ee
                                                        • Instruction Fuzzy Hash: AD01D1717C43043BF2305B149D8BFEB3658AB84F01F500025FB44B92D0DAF9A81491AF

                                                        Control-flow Graph

                                                        control_flow_graph 15 407ce0-407cfb GetModuleHandleW 16 407d01-407d43 GetProcAddress * 4 15->16 17 407f08-407f14 15->17 16->17 18 407d49-407d4f 16->18 18->17 19 407d55-407d5b 18->19 19->17 20 407d61-407d63 19->20 20->17 21 407d69-407d7e FindResourceA 20->21 21->17 22 407d84-407d8e LoadResource 21->22 22->17 23 407d94-407da1 LockResource 22->23 23->17 24 407da7-407db3 SizeofResource 23->24 24->17 25 407db9-407e4e sprintf * 2 MoveFileExA 24->25 25->17 27 407e54-407ef0 25->27 27->17 31 407ef2-407f01 27->31 31->17
                                                        APIs
                                                        • GetModuleHandleW.KERNEL32(kernel32.dll,00000000,6F7F0EF0,?,00000000), ref: 00407CEF
                                                        • GetProcAddress.KERNEL32(00000000,CreateProcessA), ref: 00407D0D
                                                        • GetProcAddress.KERNEL32(00000000,CreateFileA), ref: 00407D1A
                                                        • GetProcAddress.KERNEL32(00000000,WriteFile), ref: 00407D27
                                                        • GetProcAddress.KERNEL32(00000000,CloseHandle), ref: 00407D34
                                                        • FindResourceA.KERNEL32(00000000,00000727,0043137C), ref: 00407D74
                                                        • LoadResource.KERNEL32(00000000,00000000,?,00000000), ref: 00407D86
                                                        • LockResource.KERNEL32(00000000,?,00000000), ref: 00407D95
                                                        • SizeofResource.KERNEL32(00000000,00000000,?,00000000), ref: 00407DA9
                                                        • sprintf.MSVCRT ref: 00407E01
                                                        • sprintf.MSVCRT ref: 00407E18
                                                        • MoveFileExA.KERNEL32(?,?,00000001(MOVEFILE_REPLACE_EXISTING)), ref: 00407E2C
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000007.00000002.2952019098.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_7_2_400000_mssecsvr.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID: AddressProcResource$sprintf$FileFindHandleLoadLockModuleMoveSizeof
                                                        • String ID: /i$C:\%s\%s$C:\%s\qeriuwjhrf$CloseHandle$CreateFileA$CreateProcessA$D$WINDOWS$WriteFile$kernel32.dll$tasksche.exe
                                                        • API String ID: 4072214828-1507730452
                                                        • Opcode ID: fb819ea0bbfac7cba45177718834bfaea6ecb5a57a4692884010a03d6946efb9
                                                        • Instruction ID: 13a48b3e7e70fc1f7524b3ea2ca00aec236584d0bbebcf852995d03268f4a9c8
                                                        • Opcode Fuzzy Hash: fb819ea0bbfac7cba45177718834bfaea6ecb5a57a4692884010a03d6946efb9
                                                        • Instruction Fuzzy Hash: B15197715043496FE7109F74DC84AAB7B98EB88354F14493EF651A32E0DA7898088BAA

                                                        Control-flow Graph

                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000007.00000002.2952019098.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_7_2_400000_mssecsvr.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID: _initterm$FilterHandleInfoModuleStartupXcpt__getmainargs__p__commode__p__fmode__set_app_type__setusermatherrexit
                                                        • String ID:
                                                        • API String ID: 801014965-0
                                                        • Opcode ID: e3007c8091b935f0f6e9b16d849c1c27a397ab206965397834d54df9927598b6
                                                        • Instruction ID: f220c78e044b43db95b39954543cb8470338bddc8e57b6bf74c51ec52977e19a
                                                        • Opcode Fuzzy Hash: e3007c8091b935f0f6e9b16d849c1c27a397ab206965397834d54df9927598b6
                                                        • Instruction Fuzzy Hash: AF415E71800348EFDB24DFA4ED45AAA7BB8FB09720F20413BE451A72D2D7786841CB59